GRC Analyst
Glocomms is partnered with a leading IT and Cloud Computing firm seeking an Information Security Governance, Risk & Compliance (GRC) Analyst to support and enhance the organization's security governance, risk management, and compliance programs. This individual will play a key role in identifying and managing information security risks, maintaining governance frameworks, overseeing third-party risk processes, and ensuring alignment with industry standards and regulatory requirements. The ideal candidate is a collaborative security professional who can effectively balance business objectives with risk management and compliance needs.
Responsibilities
- Manage security governance, risk management, and compliance activities across the organization.
- Conduct risk assessments and maintain the enterprise risk register.
- Lead third-party and vendor risk assessment processes.
- Develop and maintain information security policies, standards, and procedures.
- Participate in security reviews, change management reviews, and risk discussions.
- Track security exceptions and support remediation efforts.
- Monitor compliance with security frameworks and regulatory requirements.
- Create risk reports, dashboards, and executive-level updates.
- Partner with engineering, legal, HR, operations, and business teams on security initiatives.
- Drive continuous improvement of governance and risk management processes.
Qualifications
- 5+ years of experience in Information Security, GRC, Risk Management, Compliance, or Audit.
- Experience conducting security risk assessments and managing risk remediation activities.
- Knowledge of third-party risk management and vendor security reviews.
- Experience developing security policies, standards, and governance documentation.
- Familiarity with frameworks such as ISO 27001, SOC 2, NIST CSF, NIST 800-53, and CIS Controls.
- Experience with GRC platforms such as ServiceNow GRC, Archer, Vanta, Drata, or Hyperproof.
- Strong communication, documentation, and stakeholder management skills.
- Certifications such as CISM, CRISC, CISA, CISSP, or ISO 27001 certifications are preferred.
Benefits
- Competitive base salary and annual bonus.
- Comprehensive medical, dental, and vision coverage.
- 401(k) with company match.
- Generous paid time off and company holidays.
- Flexible work environment, including hybrid or remote options where applicable.
FAQs
Congratulations, we understand that taking the time to apply is a big step. When you apply, your details go directly to the consultant who is sourcing talent. Due to demand, we may not get back to all applicants that have applied. However, we always keep your resume and details on file so when we see similar roles or see skillsets that drive growth in organizations, we will always reach out to discuss opportunities.
Yes. Even if this role isn’t a perfect match, applying allows us to understand your expertise and ambitions, ensuring you're on our radar for the right opportunity when it arises.
We also work in several ways, firstly we advertise our roles available on our site, however, often due to confidentiality we may not post all. We also work with clients who are more focused on skills and understanding what is required to future-proof their business.
That's why we recommend registering your resume so you can be considered for roles that have yet to be created.
Yes, we help with resume and interview preparation. From customized support on how to optimize your resume to interview preparation and compensation negotiations, we advocate for you throughout your next career move.
