GRC Analyst

The Technology Risk Assessor is an entry-level role focused on identifying, assessing, and documenting technology risks across the enterprise. This role supports the Technology Risk and Governance function by evaluating technology controls against industry-standard frameworks such as NIST, COBIT, and ISO, and by working closely with Control Owners to understand control design, effectiveness, and residual risk.

Core Responsibilities:

• Support enterprise Technology Risk Assessments across IT, cybersecurity, and technology domains.
• Assess technology risks using recognized frameworks including NIST, COBIT, and ISO/ISO 27001.
• Identify, document, and evaluate inherent and residual technology risks.
• Understand and document existing technology and security controls and how they mitigate risk.
• Map risks to controls and align them to applicable framework requirements.
• Engage and collaborate with Control Owners to perform control walkthroughs and risk discussions.
• Facilitate structured conversations with stakeholders to validate control design and operating effectiveness.
• Document risk statements, control descriptions, and supporting evidence in risk registers and governance tools.
• Support risk remediation tracking and follow-up with Control Owners.
• Prepare clear risk summaries and materials for risk governance and management review.

Technology Risk & Framework Focus

• Apply NIST, COBIT, and ISO principles to assess technology risks and controls.
• Understand how framework requirements translate into practical technology controls.
• Assist in identifying control gaps and areas of improvement relative to framework expectations.
• Support alignment of technology risk posture with organizational risk tolerance.

• Foundational understanding of technology risk, IT controls, and governance concepts.
• Basic knowledge of cybersecurity and technology risk management.
• Familiarity with NIST, COBIT, and/or ISO frameworks (academic or professional).
• Strong written and verbal communication skills.
• Ability to engage professionally with Control Owners and technical stakeholders.
• Strong analytical, organizational, and documentation skills.
• Ability to translate technical discussions into clear risk language.

Education and Experience:

• Entry-level role; 0-3 years of experience in technology, IT risk, cybersecurity, audit, compliance, or governance.
• Bachelor's degree in Information Systems, Cybersecurity, Computer Science, Business, or a related field (or equivalent experience).

Key Success Factors:

• Comfortable navigating conversations with Control Owners and stakeholders.
• Clear and structured articulation of technology risks and controls.
• Strong attention to detail and documentation quality.
• Willingness to learn and grow within a Technology Risk and Governance function.
• Collaborative mindset across technical and non-technical teams.