Job Summary
We are seeking an experienced Cyber Governance, Risk & Compliance (GRC) Analyst to strengthen cybersecurity governance frameworks, conduct risk assessments, and perform assurance activities across business and technology functions within an enterprise environment.
Responsibilities
- Review, update, and maintain cybersecurity policies, standards, and procedures to ensure alignment with regulatory and organizational requirements
- Support Risk & Control Self-Assessments (RCSA) by evaluating controls and maintaining accurate risk registers to track cyber and technology risks
- Identify, assess, and monitor cyber and technology risks to mitigate potential threats and vulnerabilities
- Perform cybersecurity control testing and assurance reviews to validate effectiveness and compliance of security measures
- Prepare governance reports, dashboards, and management summaries to communicate risk posture and compliance status to stakeholders
- Coordinate with business units, technology teams, audit, and compliance stakeholders to facilitate risk management and governance activities
- Support audit readiness by preparing documentation and tracking remediation efforts to address identified gaps
Preferred Competencies and Qualifications
- Bachelor's degree in Cybersecurity, Information Security, IT, or related field
- 7+ years of experience in cybersecurity GRC, risk management, or compliance
- Good understanding of cybersecurity frameworks such as NIST, ISO 27001, or similar standards
- Experience in policy review, risk assessments, and control testing
- Strong analytical, reporting, and stakeholder management skills
- Relevant certifications such as CISA, CISM, CRISC, or ISO 27001 are advantageous