Job Description
Job Title : Junior GRC Analyst
Openings : 1
Duration : 1 year +, potential to go perm
Pay Rate: $40
Interview Process : 1 virtual, final onsite with team
Start Date : ASAP
Location : Hybrid, Office 1-2x week (Thursday required as team day, second day optional, Monday preferred)
Minimum Qualifications & Experience Required
- Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field
- 1+ year experience in IT, cybersecurity, or healthcare
- Ability to assess and evaluate technical documentation (data flow and network architecture diagrams) and attestations/certifications (SOC 2, ISO)
- Familiarity with the HIPAA Security Rule, NIST CSF 2.0, and PCI-DSS
- Strong analytical, documentation, and problem-solving skills
- Excellent written and verbal communication skills for both technical and non-technical stakeholders
- Ability to manage multiple projects, collaborate across IT and business teams, and drive remediation efforts
- Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint)
Nice To Have Qualifications & Experience
- Exposure to ServiceNow and Safe Security
- Exposure to Factor Analysis of Information Risk (FAIR) for quantitative risk analysis
- Basic understanding of first and third-party risk management concepts and practices
- Familiarity with AI security concepts and emerging frameworks (NIST AI RMF, OWASP COMPASS)
- Industry certifications such as CompTIA Security+, CRISC, or CISA
Day-to-Day Responsibilities
- Conduct and document third-party risk assessments, reviewing security questionnaires, attestation/certification reports, BAAs, and technical diagrams
- Assist with risk quantification by gathering scenario inputs, impact drivers, and control maturity data
- Support AI governance intake reviews and documentation for new use cases
- Track remediation and corrective actions related to findings, risks, and audit outcomes
- Assist in maintaining and updating risk registers and compliance documentation
- Assist in incident response documentation, root cause analysis, and identifying control improvements
- Support internal audits, e-discoveries, and evidence collection for regulatory and certification requirements
- Monitor and track remediation of identified risks and compliance gaps
- Help develop, document, and enforce security policies, standards, and procedures
- Collaborate with IT and business teams to ensure adherence to standards
- Prepare reports and dashboards for management on risk and compliance status
- Stay current on emerging regulations and security best practices
Job Tags
Permanent employment, Work at office, Immediate start