Associate GRC Analyst

The Associate GRC Analyst will support our Governance, Risk, and Compliance program. This role is well‑suited for an early‑career professional looking to gain hands‑on experience with security frameworks, risk assessments, audits, and compliance operations in an enterprise environment.

The Associate GRC Analyst will work closely with senior GRC, security, legal, and IT stakeholders to help ensure regulatory, contractual, and internal security requirements are met.

Candidates should demonstrate a clear interest in pursuing a cybersecurity compliance career, as this role focuses on governance and compliance rather than engineering or technical work.

• Assist with maintaining and updating security policies, standards, and procedures.
• Support compliance efforts aligned with frameworks such as NIST, ISO 27001, SOC 2, PCI DSS, and/or CMMC.
• Collect, organize, and maintain audit evidence for internal and external audits.
• Track compliance tasks, remediation activities, and milestones.
• Support third‑party/vendor risk assessments and due‑diligence reviews.
• Assist with documenting risk assessments, risk registers, and mitigation plans.
• Help respond to customer security questionnaires and compliance requests.

• Maintain GRC documentation, trackers, and tools.
• Coordinate with internal teams to gather compliance and security information.
• Support incident response documentation and post‑incident reviews as needed.
• Other duties as assigned.

• 2+ years of experience with Information Security, Risk Management, Compliance, and Governance.
• Basic understanding of information security and risk management concepts.
• Strong written communication skills and attention to detail.
• Ability to manage documentation and multiple work streams simultaneously.
• Proficiency with Microsoft Word, Excel, and PowerPoint.

• Exposure to GRC frameworks (NIST, ISO, SOC 2, PCI DSS, etc.).
• Internship or entry‑level experience in security, IT, audit, or compliance.
• Familiarity with vendor risk management or security questionnaires.
• Experience with GRC tools (e.g., ZenGRC, Archer, Service Now GRC).
• Bachelor’s degree in Information Security, Risk Management, CS, or a related field.

• Hands‑on exposure to real‑world security and compliance programs.
• Mentorship from experienced GRC and security professionals.
• Clear growth path into senior GRC, risk, or security compliance roles.
• Cross‑functional collaboration with security, legal, IT, and business teams.

We are an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, religion, color, national origin, gender, gender identity, sexual orientation, age, disability or veteran status.