
Senior GRC Analyst

Job in Tulsa, Tulsa County, Oklahoma, 74145, USA
Listing for: Sky Mavis
Full Time position
Listed on 2026-05-24
Job specializations:
  • IT/Tech
    Cybersecurity
Salary/Wage Range or Industry Benchmark: 80000 - 110000 USD Yearly
Job Description & How to Apply Below

About Us

Clayco is a full-service, turnkey real estate development, master planning, architecture, engineering, and construction firm that safely delivers clients across North America the highest quality solutions on time, on budget, and above and beyond expectations. With $8.1 billion in revenue for 2025, Clayco specializes in the "art and science of building," providing fast track, efficient solutions for mission critical, industrial, life sciences, power & energy, aviation, commercial, institutional, residential and sports & entertainment related building projects.

The Role We Want You For

Under the direction of and in collaboration with the GRC Manager, the Sr. GRC Analyst, Third‑Party & Human Risk Management (TPHRM) is a risk‑focused, highly analytical role that ensures all human and third‑party risk to Clayco is identified, quantified, documented, and treated to an acceptable level across the Clayco organization. This role will assume ownership of the Third‑Party Risk Management (TPRM) process to gather details on the security practices and compliance levels for each third‑party being considered or contracted for a solution or services to assess the potential for compromise due to a control gap or exploitable misconfiguration as well as non‑compliance with legal and regulatory requirements.

Additional contribution will be expected for internal assessments and 3rd Party audits to gather and submit discovery and transactional responses and artifacts. The Sr. GRC Analyst will also assume ownership of Human Risk Management (HRM) including the delivery of comprehensive security awareness education, the end‑to‑end execution of phishing simulation programs, and the technical maintenance and life‑cycle management of security awareness platforms.

Beyond simple training, the position focuses on Human Risk Management (HRM), using data‑driven insights to identify high‑risk user groups and implementing targeted interventions to proactively mitigate human‑centric threats to cultivate a security‑first culture internally through education and behavioral change. Additional responsibilities will be assigned as deemed necessary. Any travel is usually planned in advance, but issues may arise which warrant immediate travel to one or more satellite locations.

The Specifics of the Role
  • Assumes operational ownership of the 3rd Party Vendor Risk Management program identifying, assessing, and mitigating risks associated with external vendors, suppliers, and service providers
  • Conducts due diligence on new and existing vendors by reviewing security questionnaires, SOC reports, compliance certifications, and other supporting attestations
  • Captures, analyzes, and recommends treatment, assignment, and tracking of identified issues
  • Collaborates with legal and stakeholder teams to ensure contracts include specific clauses for data protection, service‑level agreements (SLAs), and AI governance
  • Documents and communicates all relevant findings and recommendations to stakeholders
  • Tracks, monitors, and reports on execution of remediation action plans and escalates inadequate responses or progress
  • Assumes ownership of the Security Awareness program determining appropriate topics, themes, scopes, and timing of cyber awareness communications, events, and content delivery
  • Conducts regular, simulated social engineering exercises to assess and improve employee recognition of real‑world attacks
  • Develops engaging, simple materials—such as infographics, newsletters, and videos—that translate complex technical risks into layman's terms
  • Maintains Security Awareness training and simulation platforms to support content delivery and End User interaction, including support for any Client‑side functionality (i.e., "Report Phish" button)
  • Plans, coordinates, and executes activities for Cybersecurity month
  • Partners with Employee Relations, Legal, and Marketing to ensure security messaging is integrated into the broader corporate culture
  • Tracks Key Risk Indicators (KRIs) such as actual phishing click‑through rates, failed simulations, and missed training as well as Key Performance Indicators (KPIs) like suspicious email reporting, passed simulations,…
Position Requirements
10+ Years work experience