Governance, Risk, & Compliance (GRC) Analyst (Senior or Lead)
$130,900–$233,450 per year
Hybrid · Chicago, Illinois, United States or San Francisco, California, United States
Job Summary
GRC Analyst (Senior or Lead) responsible for developing and maintaining enterprise policies, standards, controls, and implementation procedures across applications, infrastructure, cloud environments, databases, shared resources, and information systems. Translate regulatory, contractual, and cybersecurity requirements into actionable governance and control requirements. Design, maintain, and optimize the enterprise control framework, including control rationalization, consolidation, and framework alignment. Partner with cybersecurity, infrastructure, engineering, cloud, application, data governance, privacy, and compliance teams to ensure governance requirements are practical and feasible. Support governance modernization initiatives, ServiceNow IRM policy management, and control automation to improve scalability and efficiency. Develop and support control policies and strategies, prepare governance reporting, and communicate program status to stakeholders and leadership.
Required Qualifications
- 5+ years of experience in Governance, Risk and Compliance (GRC), Information Technology (IT) Audit, Information Security, Vulnerability Management, and Compliance
- 5+ years of experience supporting enterprise technology environments including applications, infrastructure, cloud services, databases, networks, or identity and access management platforms
- 3+ years of experience writing enterprise policies, standards, controls, and implementation procedures
- 3+ years of experience leading governance transformation or enterprise control framework initiatives
- Strong understanding of how enterprise technologies are deployed, operated, administered, and secured across different environments
- Experience collaborating directly with engineering, infrastructure, cloud, application, or operations teams to develop practical and technically feasible implementation procedures
- 3+ years of experience in cybersecurity and regulatory frameworks including NIST 800-53, NIST 800-171, CMMC, ISO, GDPR, ITAR or similar frameworks
- Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, Computer Science, or related field
This role has closed.