
Governance Risk & Compliance; GRC Analyst

Job in Lakewood, Jefferson County, Colorado, USA
Listing for: The Judge Group
Full Time position
Listed on 2026-06-24
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 120,000 - 130,000 USD yearly
Job Description & How to Apply Below
Position: Governance Risk & Compliance (GRC) Analyst (1137687)

Location: Lakewood, CO

Title: Governance Risk & Compliance (GRC) Analyst

Remote: No, Hybrid OK

Salary: $50.00 USD Hourly - $70.00 USD Hourly

Full Time Salary After Conversion: $120-130K

Job Description

The main focus of this position is security audits in preparation for ISO 27001 certification. The GRC platform currently in use is BitSight.

The GRC Analyst is a member of the Governance, Risk & Compliance function within the Global Information Security Office and supports the implementation of company-wide security governance, risk management, and compliance programs. Under the direction of the GRC Functional Leader, the analyst contributes to policy development, risk oversight, and continuous improvement of the organization’s security posture. The role also works closely with regional Information Security Officers (ISOs) and cross-functional teams to support the deployment of global standards and local regulatory requirements.

Essential Duties
  • Company-wide risk assessment and audit response: support information security risk assessments for new projects, systems, and business processes; assist in conducting internal control reviews (e.g., J‑SOX); prepare audit materials and coordinate responses to internal and external auditors; track and follow up on remediation actions.
  • Policy Development and Management: contribute to drafting, updating, and maintaining global information security policies, standards, and procedures; review relevant laws, regulations, and industry frameworks (e.g., ISO 27001, NIS2); incorporate stakeholder feedback; support rollout and implementation of policies across regions.
  • Maintain compliance and certification: monitor adherence to security and regulatory requirements, including ISO 27001, NIS2, and GDPR; collect and organize compliance evidence; track corrective actions; support certification and regulatory readiness efforts.
  • Supplier Risk Management: conduct third-party security risk assessments, analyze responses, verify controls, document results; identify and escalate high-risk findings; support mitigation activities.
  • Security Awareness and Training: plan and implement security awareness programs; create e‑learning materials and training; conduct phishing email exercises; distribute content on internal portals.
  • Cybersecurity Regulatory Monitoring (Industrial Systems, IT Systems, and Critical Infrastructure): monitor and analyze global regulatory developments; evaluate impact of new or updated regulations; track obligations and support gap assessments.
  • CISO Dashboard: prepare, maintain, and improve the CISO Dashboard; collect, validate, and analyze security metrics; compile KPIs and KRIs; support visualization and communication of security posture.
  • AI Security Oversight: support development and enforcement of governance controls for secure AI use; identify risks; contribute to risk assessments and mitigation plans; evaluate third-party AI tools.
Other Duties And Responsibilities
  • Support the development and improvement of GRC processes, tools, and documentation.
  • Assist in preparing reports, presentations, and materials for leadership reviews and steering committees.
  • Participate in internal security projects and initiatives, including process automation and governance workflow enhancements.
  • Provide coordination and administrative support for security committees, working groups, and regional GRC activities.
  • Perform additional duties as assigned to support the Global Information Security Office.
Required Skills And Qualifications
  • Knowledge of security policies, standards, regulations and frameworks such as ISO 27001; familiarity with internal control frameworks (e.g., J‑SOX) and audit support.
  • Risk Management and Audit experience; strong analytical and problem-solving skills.
  • Communication and Collaboration: ability to communicate security requirements and audit findings clearly across regions and business units.
  • Professional Certifications (Preferred): CISSP, CISA, CISM, ISO 27001 Lead Implementer/Auditor.
Preferred Skills
  • Experience with GRC platforms (BitSight, Drata, OneTrust, Archer).
  • Understanding of technical security domains (identity & access management, endpoint protection, vulnerability management, cloud security).
  • Project Coordination experience with cross-functional security initiatives.
  • Analytical and Data Skills: dashboards, KPI/KRI reporting, data visualization.
  • Regulatory Awareness: NIS2, AI governance, critical infrastructure rules.
  • Cross-Cultural Collaboration: working with global teams across regions and time zones.
Education And Experience
  • Bachelor’s degree in information security, cybersecurity, information systems, computer science, or related field; or equivalent experience.
  • 3 to 5+ years experience in information security, governance, risk management, compliance, IT audit, or related discipline.
Position Requirements
5+ Years work experience