ServiceNow GRC Analyst (Security)

Insight Global
Boston, United States of America
3 days ago

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior
Compensation: $ 156K

Tech stack

Software as a Service
ServiceNow

Job description

We're looking for a hands-on ServiceNow GRC Analyst to join a growing Security organization and support the implementation of an established security control framework across SaaS applications. This is an execution-focused role, not a strategy or architecture position.

The team has already identified the controls and aligned them to the appropriate framework. This role will focus on operationalizing those controls in ServiceNow, working closely with system owners and technical leads to document, validate, and track compliance, while intentionally excluding physical security-related controls and documenting the rationale for exclusions. This is a fast-paced environment ("drinking from the firehose"), ideal for someone who can quickly get the lay of the land, follow defined processes step by step, and move work forward independently.

Requirements

  • 5-8 years of hands-on ServiceNow experience
      o Strong emphasis on manual, operational work (not a strategic or design-focused role)
  • ServiceNow GRC module experience
      o Ability to work directly within the GRC module to track controls, assessments, and evidence
  • Security fundamentals
      o Strong enough security knowledge to implement an existing security plan, not create one
  • Experience working with SaaS applications
      o Must understand how to scope and assess SaaS controls
  • Ability to execute against predefined controls
      o Controls are already identified and aligned to a framework
      o Candidate will perform first-pass assessments and follow documented steps
  • Strong communication and interpersonal skills
      o Comfortable working with:
          - System Owners (business-facing stakeholders)
          - Technical Leads / DTE teams
  • Domain experience with security or compliance regulations
      o Understanding of regulatory environments or risk frameworks is a plus
  • Prior experience documenting control exclusions and rationale
  • Experience supporting security or GRC efforts within a large enterprise environment
