Governance Risk & Compliance (GRC) Analyst

Governance, Risk & Compliance (GRC) Analyst

Role Overview

The GRC Analyst supports the Global Information Security Office by driving governance, risk management, and compliance initiatives across the organization. This role requires a proactive, flexible professional who can operate in a fast-changing environment, communicate effectively with leadership, and quickly take ownership of key GRC activities.

• Support company-wide information security risk assessments for projects, systems, and vendors.
• Assist with internal and external audits (e.g., J-SOX), evidence collection, and remediation tracking.
• Maintain compliance with ISO 27001, NIS2, GDPR, and other regulatory frameworks.
• Contribute to policy development, updates, and global rollout.

• Conduct vendor security assessments, review questionnaires, validate controls, and document findings.
• Escalate high-risk issues and support mitigation follow-up.

• Develop and maintain dashboards, including the CISO Dashboard.
• Collect, validate, and analyze KPIs/KRIs related to compliance, risk, audits, incidents, and training.
• Present insights to leadership with clear, accurate reporting.

• Support security awareness initiatives, including e-learning content, phishing exercises, and internal communications.

• Track global cybersecurity regulatory changes (e.g., NIS2, ICS/OT requirements, FDA expectations).
• Support gap assessments and compliance readiness.

• Assist in evaluating risks related to AI systems and third-party AI tools.
• Support governance controls for secure AI use.

• Improve GRC processes, tools, and documentation.
• Support internal projects, automation efforts, and cross-functional initiatives.
• Provide coordination for security committees and working groups.

• 3-5+ years in information security, GRC, IT audit, or risk management.
• Strong communication skills; comfortable engaging with leadership.
• Experience with ISO 27001 and NIS2 (required).
• Experience conducting or supporting risk assessments and audits.
• Understanding of vendor security assessment processes.
• Ability to work independently in a dynamic environment with shifting priorities.

• Experience with GRC platforms (e.g., BitSight, Drata, OneTrust, Archer).
• Familiarity with cybersecurity domains (IAM, endpoint security, cloud, vulnerability management).
• Data analysis and dashboard/reporting experience.
• Awareness of emerging regulations (NIS2, AI governance, critical infrastructure).
• Experience working with global teams.

• Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field-or equivalent experience.
• Certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer/Auditor are a plus.

Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.

Contact:

This job and many more are available through The Judge Group. Please apply with us today!