Cyber Governance, Risk & Compliance (GRC) Analyst

Cyber Governance, Risk & Compliance (GRC) Analyst

Job Summary

We are seeking an experienced Cyber Governance, Risk & Compliance (GRC) Analyst to strengthen cybersecurity governance frameworks, conduct risk assessments, and perform assurance activities across business and technology functions in an enterprise environment.

Responsibilities

• Review, update, and maintain cybersecurity policies, standards, and procedures to ensure alignment with regulatory and organizational requirements
• Conduct Risk & Control Self-Assessments (RCSA) and maintain comprehensive risk registers to track cyber and technology risks
• Identify, assess, and monitor cyber and technology risks to support risk mitigation strategies
• Perform cybersecurity control testing and assurance reviews to validate the effectiveness of controls
• Prepare governance reports, dashboards, and management summaries to communicate risk posture and compliance status
• Coordinate with business units, technology teams, audit, and compliance stakeholders to facilitate governance and risk management activities
• Support audit readiness efforts and track remediation actions to ensure timely resolution of findings

Required competencies and certifications

• Bachelor’s degree in Cybersecurity, Information Security, IT, or related field
• 3–7 years of experience in cybersecurity GRC, risk management, or compliance
• Strong analytical skills to interpret risk data and generate actionable insights
• Proficient in stakeholder management to collaborate effectively across teams
• Good understanding of cybersecurity frameworks such as NIST, ISO 27001, or similar standards

Preferred competencies and qualifications

• Relevant certifications such as CISA, CISM, CRISC, or ISO 27001 are advantageous