Senior GRC Analyst

📋 Description

• Governance & Policy: Maintain and improve information security policies and controls.
• Control Mapping: Map policies/controls to SOC 2, ISO 27001/27002, HITRUST, NIST CSF.
• Policy Operations: Support policy exceptions, risk acceptances, remediation tracking.
• Compliance & Audit Readiness: Support SOC 2, ISO 27001, HITRUST readiness and audits.
• Risk Management: Support risk assessments and maintenance of the risk register.
• Customer Assurance: Own or support security questionnaires, RFP sections, due diligence docs.

🎯 Requirements

• 5+ years in GRC or information security, IT audit, risk management, or related field.
• Hands-on SOC 2 audits and readiness experience.
• Knowledge of ISO 27001/27002, HITRUST, NIST CSF or similar frameworks.
• Experience maintaining security policies, controls, evidence repositories, and audit docs.
• Experience supporting internal/external audits, evidence collection, remediation tracking.
• Strong written communication and stakeholder updates.

🎁 Benefits

• 95% medical, dental, and vision coverage.
• $250 WFH setup stipend.
• $500/year Learning & Development Benefit.
• $150/month cell phone + internet.
• $100/month Wellness.
• Flexible PTO.