GRC Security Analyst; Compliance
Listed on 2026-07-07
-
IT/Tech
Cybersecurity, Information Security
job summary:
Remote daily work with the ability to report to the Madison Office for training or when required for emergency situations. Must be a current Wisconsin resident. No relocation allowed. Position will be 100% remote after training, but all work must be done within Wisconsin.
Under the general supervision of the GRC Manager, this position serves as a Security Analyst responsible for supporting a wide range of compliance and cybersecurity functions. Core responsibilities include providing risk assessment and/or compliance support. Taking part in or leading audits, submitting findings, analyzing risks for specific areas, monitoring corrective actions, and drafting risk reports with metric charts and ongoing effort accountability.
location:Telecommute
job type:
Contract
salary: $24.66 - 34.66 per hour
work hours: 8am to 5pm
education:
High School
responsibilities:
Support cybersecurity policy execution, operational standards, and governance activities.
- Review policy, procedures, controls, and standards to ensure regulatory standards are met.
- Address compliance issues with IT security standards; identifying deficiencies and recommending control and risk mitigation measures.
- Review documentation to ensure it meets standards and applicable regulatory requirements, standards, or industry best practices.
- Assist with the creation of new and updates to policy, process, and technical controls to determine if they are sufficient and functioning as intended.
- Report on risks and mitigations as well as following up to verify that adjustments were made.
- Interpret NIST or other standards to recommend and implement best practices.
- Contribute to the maintenance and operationalization of information security policies, procedures, and response playbooks.
- Review new IT projects, systems, and vendor solutions for security risk, documenting and escalating concerns as needed.
- Provide technical consulting and security recommendations aligned with standards and architecture.
- Participate in enterprise-level risk assessments and contribute data to compliance, audit, or risk reporting needs.
- Assist in threat modeling exercises or tabletop simulations designed to improve preparedness and resiliency.
- Triage, analyze, and respond to cybersecurity alerts using current technologies and tools.
- Conduct forensic investigations into suspected security incidents, including phishing, account compromise, and endpoint breaches.
- Coordinate with internal teams to contain, eradicate, and recover from security incidents.
- Analyze logs, threat intelligence, and user behavior to identify indicators of compromise (IOCs) and prevent recurrence.
- Document incident response actions and create post-incident reports with recommended improvements.
- Participate in phishing mitigation, email threat response, and takedown coordination with third-party providers.
- Assist in vulnerability validation and risk triage based on vendor and tool security recommendations.
- Support the tuning, configuration, and enhancement of security technologies.
- Assist with employee forensics, HR/legal investigations, and eDiscovery requests through log and artifact analysis.
- Assist with continuous improvement of detection logic, alerts, and response workflows in current technologies and tools.
- Collaborate with internal teams to implement, monitor, and maintain endpoint security, network protection, and access control systems.
- Assist in the deployment or refinement of security technologies and tools.
- Test and validate new use cases or configurations in existing tools and platforms, reporting anomalies or conflicts.
- Maintain technical documentation and inventories related to security tooling, integrations, and metrics.
- Participate in professional development opportunities such as conferences, technical training, and webinars.
- Track emerging threats, vulnerabilities, and technology trends through vendor briefings, information sharing groups, and security communities.
- Contribute to internal knowledge sharing and cross-training within the security team.
At least 2 year's of experience required in the following:
- Understanding of NIST Cybersecurity Framework, NIST RMF, and other common security standards.
- Experience and working knowledge of common security frameworks and control theories to include current applicable NIST, CJIS, and ISO standards
- Experience with creating and leading discussions around the implementation and artifact collection of NIST 800-53 controls
- Proficiency in triaging and analyzing cybersecurity alerts using enterprise technologies and tools.
- Familiarity with phishing mitigation strategies and email threat analysis.
- Incident Response Forensics and Remediation (i.e. Crowdstrike, Sandbox evaluation & detonation, Phish…
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).