Cyber Governance, Risk & Compliance (GRC) Analyst
Job Summary
We are seeking an experienced Cyber Governance, Risk & Compliance (GRC) Analyst to strengthen cybersecurity governance frameworks, conduct risk assessments, and perform assurance activities across business and technology functions in an enterprise environment.
Responsibilities
- Review, update, and maintain cybersecurity policies, standards, and procedures to ensure alignment with regulatory and organizational requirements
- Conduct Risk & Control Self-Assessments (RCSA) and maintain comprehensive risk registers to track cyber and technology risks
- Identify, assess, and monitor cyber and technology risks to support risk mitigation strategies
- Perform cybersecurity control testing and assurance reviews to validate the effectiveness of controls
- Prepare governance reports, dashboards, and management summaries to communicate risk posture and compliance status
- Coordinate with business units, technology teams, audit, and compliance stakeholders to facilitate governance and risk management activities
- Support audit readiness efforts and track remediation actions to ensure timely resolution of findings
Required competencies and certifications
- Bachelor's degree in Cybersecurity, Information Security, IT, or related field
- 3-7 years of experience in cybersecurity GRC, risk management, or compliance
- Strong analytical skills to interpret risk data and generate actionable insights
- Proficiency in stakeholder management to collaborate effectively across teams
- Good understanding of cybersecurity frameworks such as NIST, ISO 27001, or similar standards
Preferred competencies and qualifications
- Relevant certifications such as CISA, CISM, CRISC, or ISO 27001 are advantageous