(GRC) Analyst/Senior Analyst

Position: GRC Analyst Location: EST We are seeking a GRC Analyst / Senior Analyst with 5–7 years of experience in governance, risk, compliance, and information security. This role will support enterprise compliance initiatives, risk assessments, and audit readiness while working closely with cross-functional teams. Key Responsibilities: Governance & Policy • Support development, implementation, and maintenance of IT and information security policies, standards, and procedures. • Assist with policy governance, internal control documentation, and GRC tool administration. • Support compliance with healthcare, data privacy, and security regulations. RiskManagement • Conduct and support risk assessments, control testing, and remediation tracking. • Support alignment with frameworks such as NIST CSF and ISO 27001. Compliance & Audit • Support compliance activities for HIPAA, PCI-DSS, ISO 27001, and NIST. • Assist with internal and external audits, including evidence collection and response coordination. • Track audit findings and remediation efforts. Incident Response & Assurance • Support investigations of security incidents, privacy events, and policy violations. • Assist with customer security questionnaires and third-party risk assessments. Monitoring & Training • Assist in preparing compliance reports, risk dashboards, and audit readiness updates. • Support security awareness and compliance training initiatives. Required Qualifications • 5–7 years of experience in GRC, information security, risk management, or compliance. • Hands-on experience supporting audits and risk assessments. • Strong documentation, analytical, and communication skills. Preferred Qualifications • Certifications such as CISA, CRISC, ISO 27001. • Experience with GRC tools and third-party risk management. Remote Skills: Analysis Skills, CISA - Certified Information Systems Auditor, Communication Skills, Computer Security, Cross-Functional, Document Management, Documentation, External Audit, HIPAA (Health Insurance Portability and Accountability Act), Healthcare, ISO (International Organization for Standardization), Information/Data Security (InfoSec), Internal Audit, PCI-DSS, Privacy Controls, Regulations, Reporting Dashboards, Reporting Skills, Risk, Risk Analysis, Risk Management, Security Compliance, Testing, U.S. National Institute of Standards and Technology (NIST) About the Company: Global IT Con Apply tot his job Apply tot his job