Posted: 27 January
Offer description
GRC Analyst (IC3) – Compliance
6-Month Contract Opportunity
We are seeking a skilled GRC Compliance Analyst to support and enhance our organization's compliance and security initiatives. This role will focus on facilitating audits, responding to regulatory and customer requirements, and ensuring a robust compliance posture.
You will collaborate with cross-functional teams to collect evidence, address gaps, and deliver high-quality responses that align with industry standards and customer expectations.
Key Responsibilities:
* Facilitate ISO 27001, SOC 2 Type II, and customer audits.
* Collaborate with business units to determine the scope and applicability of security inquiries.
* Support the implementation and maintenance of external compliance tools, including upgrades and daily management.
* Gather evidence and finalize audit responses while tracking remediation tasks to ensure successful audit closure.
* Communicate gaps in processes or compliance requirements to the Risk Management Team.
* Review customer and partner contracts for information security requirements.
* Ensure security policies and procedures are documented, updated, and aligned with governance standards.
* Act as a liaison between internal teams to provide evidence for internal and external audits.
Minimum Qualifications:
* Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field; equivalent experience may substitute for a degree.
* At least 2 years of experience in governance, risk, and compliance (GRC) in a technology-related industry and 5–7 years of experience in business process analysis or project methodology.
* Strong understanding of compliance and regulatory areas such as GDPR, SOC 2, DORA, and ISO 27001.
* Excellent written and verbal communication skills.
* Strong analytical and problem-solving abilities.
* Proven ability to multi-task, prioritize, and adapt in a fast-paced environment.
* Experience working effectively in cross-functional teams and dynamic settings.
Preferred Qualifications:
* Certifications such as CISSP or CRISC.
* Experience performing information security audits or risk assessments.
* Familiarity with customer security questionnaires, RFIs, RFPs, and security auditing processes.
* Knowledge of the Digital Operational Resilience Act (DORA).
* Experience developing security standards and guidelines based on industry best practices.