GRC e-Discovery and Risk Analyst

Job Description

GRC e-Discovery Specialist

The company is seeking a GRC e-Discovery Specialist to support governance, risk, and compliance (GRC) operations by identifying, collecting, preserving, reviewing, and producing electronically stored information (ESI) for legal or regulatory matters using Microsoft Purview.

The key responsibilities of this role will be the day‑to‑day execution of governance and compliance workflows related to eDiscovery, data retention, and privacy. The role will ensure the company’s audit readiness and eDiscovery risk tracking. In addition to these responsibilities, the role may be called upon to perform other GRC‑related activities in the direction of the Manager, GRC. This position is well‑suited for an early‑to‑mid‑career professional (3+ years of experience) looking to grow into broader governance and compliance responsibilities.

• Support and administer, from a GRC perspective, Microsoft Purview (Compliance Portal), including eDiscovery, legal holds, retention policies, and content search.
• Manage litigation holds and the eDiscovery lifecycle for legal and regulatory matters.
• Partner with Legal, Risk, Privacy, enterprise Data Management and IT teams on discovery, audit, regulatory inquiries, compliance, and evidence collection.
• Maintain and audit data retention schedules across Microsoft 365 and other collaboration platforms.
• Support data privacy operations, including DSARs under GDPR, CCPA, and related regulations.
• Support documentation, SOPs, and GRC governance workflows related to eDiscovery.
• Identify opportunities to improve or automate GRC processes related to eDiscovery.

• Hands‑on experience supporting or administering Microsoft Purview (Compliance Portal).
• Working knowledge of the eDiscovery lifecycle, including litigation holds and ESI handling.
• Working knowledge of GRC best practices and various regulatory and best practice frameworks, including GDPR, TRAIGA and NIST CSF, NIST Privacy Framework and NIST Risk Management Framework (RMF).
• Experience with data retention, records management, and defensible deletion.
• Familiarity with Microsoft 365 (SharePoint, Teams), Box, and other collaboration platforms.
• Experience supporting control and risk assessments of data controls, including risk evaluation of third parties as they relate to e‑Discovery.
• Experience supporting audits, legal requests, risk assessments, or regulatory inquiries.
• Ability to document processes, procedures, and workflows clearly and accurately.

• Strong analytical and problem‑solving skills with attention to detail.
• Ability to explain technical processes to non‑technical stakeholders.
• Effective collaboration across Legal, Risk, Compliance, enterprise Data Management, IT, and business teams.
• High integrity and commitment to confidentiality.
• Adaptability in evolving regulatory and technological landscapes.
• Initiative and ownership in improving processes and policies.

• 3+ years of experience in eDiscovery, information governance, compliance operations, privacy operations, or a related field.
• Hands‑on experience supporting or administering Microsoft Purview.
• Familiarity with regulatory and best practice frameworks: GDPR, TRAIGA and NIST CSF, NIST Privacy Framework, and NIST Risk Management Framework (RMF).
• Familiarity with GRC best practices (Controls Management, Risk Management, Policy Management, Third‑Party Risk Management).
• Familiarity with the eDiscovery lifecycle and litigation holds.
• Experience with Microsoft 365 (SharePoint, Teams), Box, and similar platforms.
• Strong documentation, organization, and cross‑functional communication skills.
• Ability to work independently while continuing to develop new skills.

• Certified E‑Discovery Specialist (CEDS) or similar certification.
• Exposure to governance, risk, or compliance programs and CRISC certification.
• Experience supporting audits or regulatory requirements.

Reports to the Governance, Risk, and Compliance Manager and partners with Legal, Risk, Integration Managers, and Infrastructure teams.