Senior Security GRC Analyst

Added: 21 days ago
Type: Full time
Salary: Not provided

Related skills

ISO 27001, SOC 2, control testing, automation, risk assessments

📋 Description

  • Conduct risk assessments for security exceptions and issues across Information Security, Technology, and Corporate Engineering, and recommend appropriate risk treatment actions.
  • Perform security and technology control testing, including evaluating control design and operating effectiveness, and track remediation through closure.
  • Partner with engineering leaders and entity CISOs to provide clear reporting on risk posture and alignment with enterprise standards and regulatory requirements.
  • Support regulatory exams, audits, and due diligence activities, including SOC and ISO engagements, and coordinate responses across internal contributors.
  • Monitor and report on risk metrics and trends to identify gaps, improve processes, and strengthen governance and resilience practices.
  • Contribute to automation and AI-enabled improvements within the GRC function to streamline control testing, reporting, and risk management workflows.

🎯 Requirements

  • Bachelor's degree in Computer Science, Engineering, Information Systems, Finance, or a related field, or equivalent practical experience.
  • 5+ years of experience in security, technology risk, audit, or governance, risk, and compliance within a regulated industry (e.g., financial services, insurance, healthcare, legal).
  • Experience conducting control testing, risk assessments, and supporting regulatory exams, including familiarity with SOC 2 and ISO frameworks.
  • Understanding of how policies and standards support risk management and regulatory compliance, and experience managing exception governance processes.
  • Ability to communicate effectively with senior leaders, including Directors and above, and guide discussions on risk posture and remediation plans.
  • Experience working with GRC platforms and standard productivity tools.

๐ŸŽ Benefits

  • Experience working in a technology-focused company operating under regulatory oversight.
  • Experience in a publicly traded company or other regulated financial services environment.
  • Relevant certifications such as CISSP, CRISC, CGRC, or similar credentials.
  • Experience contributing to automation or AI initiatives within risk, audit, or compliance programs.
  • Experience guiding or mentoring team members and interest in building a small team as program needs grow.