GRC Analyst

The Sr. Analyst will oversee and coordinate internal risk assessments, focusing on IT systems, applications, and infrastructure, ensuring they meet security standards and compliance requirements. This role requires a primary focus of internal risk evaluation and some third-party risk management, with an emphasis on synthesizing information into actionable insights. The individual will generate comprehensive reports (using tools like TrustCloud or ArmorCode) to quantify risk, determine potential losses, and provide recommendations to senior management.

Key Responsibilities:

• Internal Risk Assessments: Evaluate IT systems, applications, and vendor interactions, ensuring they meet security requirements. Assess risks using methodologies such as FAIR (Factor Analysis of Information Risk).
• Third-Party Risk Management: While third-party risk management is largely outsourced, you will assess when internal decisions are needed and make recommendations regarding potential risk exposures from external vendors.
• Reporting & Decision Support: Synthesize data from risk assessments to generate PowerPoint reports that quantify risks, potential losses, and provide actionable recommendations for mitigation.
• Collaboration: Work with business units to ensure risk management processes are integrated into new project implementations and promptly raise awareness of any high-level risks to senior management.
• Continuous Improvement: Drive improvements in risk management practices using key metrics and risk indicators.

Required Experience & Skills:

• 6 years in Governance, Risk, and Compliance (GRC), with a focus on internal risk evaluation and IT system security.
• Experience conducting internal IT risk assessments, including compliance with regulations such as HIPAA, PCI, and ISO frameworks.
• Strong understanding of risk quantification methodologies like FAIR, and the ability to synthesize complex information into clear, actionable reports.
• Proficiency in risk management tools like TrustCloud or ArmorCode for reporting and analysis.
• Experience working with third-party vendors, but a focus on internal risk assessment rather than purely third-party management.
• Excellent communication skills with the ability to prepare executive-level risk reports and provide clear recommendations.

Qualifications:

• Bachelor’s degree or 5 years of relevant experience.
• Certifications such as CRISC, CISA, CISSP, or FAIR are a plus.
• Strong proficiency in Microsoft Office Suite (Word, Excel, PowerPoint) for report generation and data analysis.

Additional Requirements:

• Ability to work independently, manage multiple tasks, and collaborate effectively with cross-functional teams.

This is an excellent contract to hire position converting to a direct hire with-in 3 to 6 months.

Apply Now.