IT GRC Analyst

IT GRC Analyst
Our client is seeking an experienced IT GRC Analyst to support enterprise-wide governance, risk, and compliance initiatives within a highly regulated environment. This role plays a critical part in evaluating technology risk, strengthening internal controls, and ensuring alignment with regulatory requirements and leading industry frameworks. The ideal candidate brings prior experience from a Big 4 consulting or audit environment and is comfortable operating in fast-paced, audit-driven organizations.

This role is a hybrid model working onsite 4 days a week in Houston, Texas.

• Develop, maintain, and update IT policies, procedures, and standards supporting IT General Controls and overall compliance objectives.
• Align IT controls with leading industry frameworks such as NIST, COSO, ISO, and ITIL to ensure effective governance and SOX support.
• Monitor and report on ITGC compliance status, providing consistent visibility to leadership and key stakeholders.
• Partner cross-functionally during the design, enhancement, and review of IT controls.
• Support IT risk assessments, including risk identification, impact analysis, and mitigation planning.
• Perform control development, control testing, and ongoing monitoring to validate control effectiveness.
• Track audit issues and remediation activities through resolution.
• Maintain the IT risk register and ensure all documentation is complete, accurate, and audit-ready.
• Support regulatory compliance efforts through documentation management and requirement tracking.
• Provide internal and external audit support, including evidence collection and walkthrough facilitation.
• Support governance training, communication, and compliance awareness initiatives.
• Conduct recurring compliance testing activities, including periodic user access and entitlement reviews.

• Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Business, or a related discipline; equivalent experience may be considered.
• Minimum of 5 years of IT experience with at least 2 years focused on IT audit, compliance, risk management, or security.
• Prior experience working at a Big 4 firm (Deloitte, PwC, Ernst & Young, or KPMG) as an IT Auditor, GRC Analyst, or Security Analyst is strongly preferred.
• Experience with SailPoint is a strong plus but not required.
• Hands‑on experience performing risk assessments, control testing, control design, and policy/procedure development.
• Familiarity with GRC tools, identity governance platforms, privileged access management, and access review technologies.
• Strong analytical, investigative, and problem‑solving skills with the ability to work independently.
• Excellent written and verbal communication skills with the ability to convey complex technical and regulatory concepts clearly.
• Demonstrated ability to manage multiple priorities, meet deadlines, and adapt in dynamic environments.
• Detail‑oriented, reliable, and capable of building strong working relationships across technical and business teams.
• Experience working in regulated or compliance‑driven environments is preferred.
• Must be eligible to work under applicable U.S. federal requirements related to nuclear or energy sector compliance, including DOE 10 CFR Part 810.

Benefits are available to eligible full‑time employees and include coverage for medical, dental, vision, life insurance, short and long term disability, and matching 401(k).

Vander Houwen is an Equal Opportunity Employer and participates in E‑Verify. Vander Houwen does not discriminate based on race, color, religion, sex, national origin, age, disability, or any other characteristic protected by applicable local, state, or federal civil rights laws.