Governance, Risk & Compliance; GRC Analyst
Listed on 2026-07-08
-
IT/Tech
Cybersecurity, Information Security, IT Consultant
Location: St. Louis
Join our team as a GRC Analyst and play a key role in regulatory compliance, IT risk management, and security. You'll assess risks, support audits, and develop policies that align with industry standards. If you have a solid IT security background, experience in regulated environments (healthcare/finance), and a proactive mindset, we want to hear from you!
Position SummaryIn this role, you will ensure our organization adheres to client and regulatory requirements while identifying and managing technology risks effectively. The position may require occasional work after hours or on weekends. Exceptional customer service, written, and oral communication skills are a must.
Responsibilities- Work with Legal, Privacy, and Compliance to monitor and assess client and regulatory requirement changes to ensure that the IT program fulfills client and regulatory obligations.
- Collaborate with cross‑functional teams to communicate, implement, and maintain IT compliance initiatives.
- Assist leadership with development and maintenance of departmental policies and procedures.
- Conduct internal and external risk assessments to identify potential threats and vulnerabilities.
- Develop, maintain, and perform outbound assessments to vendors, suppliers, and partners.
- Evaluate the impact and likelihood of identified risks.
- Accurately respond to inbound assessments from clients and regulators.
- Work closely with business units to develop and implement risk mitigation strategies.
- Maintain the IT Risk Register.
- Conduct audits to assess IT compliance with policies, standards, and regulations.
- Coordinate user entitlement reviews and assist with ensuring data safeguards and controls are in place.
- Develop and implement monitoring programs to track compliance and risk metrics.
- Collaborate with internal and external auditors during scheduled audits.
- Document audit procedures performed ensuring audit methodology is consistently followed and conclusions are appropriately reached.
- Assist cyber incident handling as part of the computer incident response team.
- Maintain, govern, and execute Threat and Vulnerability Management processes.
- Assist in the scoping, solution, design, and implementation of operational security projects.
- Maintain subject‑matter expertise in relevant tools and services.
- Assist in the maintenance and testing of plans, policies, and procedures for IT and security, including Incident Response, Disaster Recovery, and Business Continuity.
- Generate and maintain regular reports for management review, including program‑level metrics and KPIs.
- Bachelor’s degree in information systems, computer science, or other relevant discipline strongly preferred.
- 3+ years of experience working in a similar industry or within a consulting firm.
- Experience reviewing and completing security questionnaires.
- Experience reviewing compliance and security reports (SOC 2, PCI, ISO, etc.).
- Experience working cross‑functionally to achieve objectives.
- Prior practical experience in application security, security threat, vulnerability management, identity and access management, computer forensics, red‑team examinations, or computer incident response strongly preferred.
- Experience performing security and due diligence reviews of vendors.
- In‑depth knowledge of information security best practices and frameworks such as NIST, Cybersecurity Framework, CIS Controls, ISO/IEC 27000/31000, and OWASP.
- Knowledge of common cloud infrastructure platforms and applications (e.g., AWS, Azure, M365) is a plus.
- Proficiency in tools like JIRA and Confluence preferred.
- Preferred certifications: CISA, CRISC, CISSP, SSCP, Security+.
- Proven commitment to the company’s core values: integrity, adaptability, service‑focused, accountability, curiosity, and community.
This hybrid role requires working from both home and office. Regular in‑person meetings are required as determined by management.
Work Conditions- General office conditions; may require sitting for extended periods.
- Infrequent overnight travel may be required.
To perform this job, the employee must regularly sit, talk, hear, and use hands and arms to handle, feel, and reach while operating a personal computer. Reasonable accommodations can be provided to employees with disabilities.
DisclaimerThis job description is a general overview and does not represent a comprehensive list of all duties. The organization reserves the right to modify this description at any time, including assigning or reassigning job duties or eliminating the position.
Equal Opportunity EmployerAll applicants are entitled to rights under federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.
#J-18808-Ljbffr(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).