GRC Analyst
Role details
Job location
Tech stack
Job description
Compliance & Framework Support
- Assist in the implementation, maintenance, and monitoring of compliance frameworks (e.g., NIST, ISO 27001, SOX, SOC2, CIS, etc.)
- Support internal and external audit activities, including evidence collection and control validation
- Track and report on compliance status, gaps, and remediation efforts
Third-Party Risk Management (TPRM)
- Conduct vendor risk assessments and due diligence reviews
- Analyze third-party security posture and identify potential risks
- Maintain vendor inventory and track risk treatment activities
- Collaborate with business owners to ensure appropriate risk mitigation
Risk Management
- Support the execution of the Information Security risk management lifecycle
- Assist with risk identification, assessment, documentation, and tracking
- Help maintain risk registers and ensure risks are properly escalated and monitored
- Partner with stakeholders to support risk remediation planning
Policy Governance
- Assist in drafting, reviewing, and maintaining information security policies, standards, and procedures
- Facilitate policy review cycles, approvals, and documentation updates
- Ensure alignment with regulatory requirements and industry best practices
GRC Tooling & Process Support
- Support and learn the administration and use of ServiceNow GRC
- Assist in configuring workflows, tracking activities, and improving GRC processes
- Help identify opportunities for automation and process optimization
Requirements
Do you have experience in Vendor compliance audits?, Do you have a Bachelor's degree?, We are seeking a motivated and detail-oriented GRC Analyst to join our Information Security team. This role will support the organization's governance, risk, and compliance initiatives, focusing on regulatory and framework alignment, third-party risk management, risk lifecycle processes, and policy governance.
The ideal candidate will have foundational knowledge of information security principles, strong analytical skills, and a willingness to learn and grow within the GRC space, especially in platforms such as ServiceNow GRC., * Bachelor's degree in Information Security, Cybersecurity, IT, or related field (or equivalent experience)
- 1-3 years of experience in information security, risk, compliance, or audit (internships acceptable)
- Basic understanding of security frameworks and regulatory requirements
- Strong analytical, organizational, and documentation skills
- Excellent written and verbal communication skills
Preferred
- Exposure to frameworks such as NIST, ISO 27001, SOC 2, or CIS
- Security or compliance certifications (e.g., CISM, CRISC, CISSP, CGEIT, or CISA).
- Experience with third-party risk management processes
- Familiarity with risk management concepts and methodologies
- Exposure to GRC tools (ServiceNow GRC preferred, but not required)
Key Competencies
- Detail-oriented with strong follow-through
- Ability to manage multiple priorities and deadlines
- Collaborative mindset with cross-functional teams
- Curiosity and willingness to learn new tools and frameworks
- Strong problem-solving and critical-thinking skills
Why Join Us
- Opportunity to grow within a maturing GRC program
- Exposure to a wide range of security, compliance, and risk disciplines
- Hands-on experience with industry-standard tools like ServiceNow GRC
- Collaborative and supportive team environment
Benefits & conditions
3.43.4 out of 5 stars Lowell, MA $78,000 - $125,000 a year, Pulled from the full job description
- 401(k)
- Health insurance
- Paid time off
- Vision insurance
- Dental insurance
- RSU, The Salary Range for this position is $78,000 - $125,000. Actual salary offered to candidate will depend on several factors, including but not limited to, work location, relevant candidates' experience, education, and specific knowledge, skills, and abilities.
Benefits: This position offers a comprehensive benefits package including but not limited to:
-
Health, dental, and vision insurance.
-
Employer-sponsored 401(k) plan.
-
Paid time off.