GRC Analyst

GRC Analyst – Auris

Join to apply for the GRC Analyst role at Auris | formerly Heartland

About Auris
Auris is the payroll and HR partner built for small and medium‑size businesses that can’t afford to get it wrong. Trusted by over 50,000 businesses nationwide, Auris pairs easy‑to‑use technology with real human services to give leaders the confidence that every detail is done right — so they can focus on growing their team and their business. Acquired by Acrisure in 2025, Auris formerly Heartland Payroll is accelerating its vision to deliver seamless, human‑centered technology to help small businesses thrive.

You will be a hands‑on GRC professional who builds, monitors, and improves the frameworks that keep our organization compliant, resilient, and risk‑informed. You’ll work across technology, operations, and product teams to assess control effectiveness, manage audits, and translate regulatory requirements into actionable, measurable security practices. Success in this role means turning governance into enablement—helping teams move faster by defining clear expectations, automating evidence, and maintaining trust with our customers, auditors, and partners.

• Maintain and evolve the Information Security Governance Framework aligned with NIST, ISO 27001, SOC 2, PCI‑DSS, and SOX.
• Map controls across frameworks to identify overlaps, gaps, and automation opportunities.
• Draft and update policies, standards, and procedures.
• Monitor control effectiveness through dashboards and continuous checks.
• Identify, assess, and report technology and cybersecurity risks.
• Facilitate risk assessments for products, vendors, and projects; track mitigation plans.
• Maintain risk register with likelihood, impact, and residual risk metrics.
• Produce risk reports and heatmaps for leadership.
• Lead or support audits (SOC, NYDFS, Texas DOB); coordinate evidence and interviews.
• Maintain audit calendar and ensure timely control testing.
• Track remediation of findings and report status.
• Manage vendor security reviews: questionnaires, evidence validation, risk scoring.
• Oversee security due diligence for acquisitions and critical partners.
• Maintain vendor risk register and report exposure.
• Publish dashboards on control health, risk posture, and compliance.
• Communicate risk and compliance expectations clearly to stakeholders.
• Support security awareness and training campaigns.

• Enablement mindset: You see governance as a way to empower teams, not block them.
• Curiosity: You dig into how controls really work in technical systems, not just on paper.
• Precision: You care about evidence quality and clarity of documentation.
• Collaboration: You work cross‑functionally with engineers, legal, and executives to close risk gaps.
• Communication: You distill complex regulatory and control requirements into understandable, actionable guidance.

Candidates should be comfortable with an on‑site presence to support collaboration, team leadership, and cross‑functional partnership.

At Acrisure, we’re building more than a business, we’re building a community where people can grow, thrive, and make an impact. Our benefits are designed to support every dimension of your life, from your health and finances to your family and future.

• Physical Wellness:
  Comprehensive medical insurance, dental insurance, and vision insurance; life and disability insurance; fertility benefits; wellness resources; and paid sick time.
• Mental Wellness:
  Generous paid time off and holidays;
  Employee Assistance Program (EAP); and a complimentary Calm app subscription.
• Financial Wellness:
  Immediate vesting in a 401(k) plan;
  Health Savings Account (HSA) and Flexible Spending Account (FSA) options; commuter benefits; and employee discount programs.
• Family Care:
  Paid maternity leave and paid paternity leave (including for adoptive parents); legal plan options; and pet insurance coverage.
• … and so much more!

This list is not exhaustive of all available benefits. Eligibility and waiting periods may apply to certain offerings. Benefits may vary based on subsidiary entity and geographic location.

Acrisure is an Equal Opportunity Employer. We consider qualified applicants without regard to race, color, religion, sex, national origin, disability, or protected veteran status. Applicants may request reasonable accommodation by contacting

California Residents: Learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy.

Recruitment Fraud: Please visit here to learn more about our Recruitment Fraud Notice.

Welcome, your new opportunity awaits you.