Senior Security GRC Analyst

Job Summary

To support the organization's security initiatives, the remote Senior Security GRC Analyst will manage the Information Security Program, conduct compliance audits, and collaborate with various stakeholders to enhance security practices and policies.

Key responsibilities

• Manage and maintain the Branch Information Security Program and associated processes across corporate functions
• Conduct comprehensive gap analyses and manage risk and vulnerability assessments in accordance with regulatory frameworks
• Oversee the end-to-end third-party vendor management lifecycle, including onboarding and ongoing monitoring of vendor risk

Required qualifications

• 5-7 years of experience in a similar role
• 3+ years of expertise conducting audits (SOC 2, PCI, or ISO 27001)
• Knowledge of GRC tool techniques and best practices (e.g., Drata, HyperProof)
• Familiarity with security and compliance requirements for SOC 2, PCI, NIST CSF, ISO 27001, and CCPA
• CISA, CISM, or working toward certification