Associate GRC Security Analyst

Requirements

• Bachelor's degree, preferably in Computer Science, Cybersecurity, Information Systems, or a related field
• 1-3 years of experience in GRC, IT audit, compliance, risk management, or a related field
• Familiarity with common compliance frameworks such as SOC2, PCI-DSS, NIST, ISO 27001, or GovRAMP
• Previously supported audits pertaining to SOC2 Type 2 and/or PCI-DSS (Level 1 or hands-on SAQs)
• Experience with or exposure to vendor risk assessment processes and third-party risk management
• Strong attention to detail with the ability to organize and manage documentation and evidence across multiple work streams
• Excellent written and verbal communication skills with the ability to work across technical and non-technical teams
• Comfort working in a fast-paced environment and managing multiple priorities simultaneously
• Relevant certifications such as CompTIA Security+, CISA, or GRCP are a plus
• Familiarity with GRC platforms like Vanta or Auditboard, or ticketing tools such as Jira is a plus

• IXL Learning, developer of personalized learning products used by millions of people globally, is seeking an Associate GRC Analyst to join our growing security team
• In this role you will support IXL's internal cybersecurity governance, compliance, and audit program by gathering evidence, performing vendor risk assessments, conducting risk assessments, and maintaining audit-ready documentation
• You will also contribute to security awareness training and phishing simulation programs and cross-train with and support other members of the security team
• This role is a great fit for someone early in their GRC career who is eager to build hands‑on experience across multiple compliance frameworks and risk management disciplines
• Support internal and external audits by gathering, organizing, and maintaining evidence in a timely and accurate manner
• Support the operation, implementation, and administration of the team's GRC platform, including compliance documentation management and reviews, attestations, workflow configuration, user management, and data integrity maintenance
• Perform vendor risk assessments to evaluate third‑party security posture and compliance alignment
• Conduct risk assessments and contribute to maintaining the organization's risk register and open findings tracking
• Support security awareness training programs including content coordination, participation tracking, and reporting
• Assist with planning, execution, and results reporting for phishing simulation campaigns
• Map and cross-reference controls across multiple compliance frameworks such as SOC2, PCI-DSS, GovRAMP, and NIST
• Maintain audit-ready documentation, policy version control, and evidence repositories year-round
• Track and manage security exceptions through their full lifecycle including intake, approval, and expiration
• Assist identifying, building and reporting on GRC‑specific metrics for leadership
• Cross-train with and support other members of the security team as needed