Security Risk Assessment Analyst

Our client is expanding their Governance, Risk, and Compliance (GRC) team within their security practice. This position provides a unique opportunity to shape and elevate GRC efforts by combining technical expertise, risk assessment skills, and regulatory knowledge. This position requires to be onsite 3 days a week East of the Twin Cities.

As a GRC Analyst, you will execute and enhance GRC practices, conduct detailed security risk assessments, and ensure compliance with industry-standard security frameworks. You will analyze architecture and design in diverse environments (e.g., network, servers, applications, IAM), identify security control gaps, recommend mitigating measures, and deliver comprehensive documentation. You will also present risk escalations to leadership, track and monitor identified risks, and contribute to the continuous improvement of organizational security practices.

This role is well-suited for candidates with:

A collaborative mindset, coupled with strong technical expertise.

5 7 years of experience in networking, system administration, or infrastructure/operations.

3 5 years of hands-on experience with information security practices.

Familiarity with cloud technologies (AWS, Azure, OCI), covering SaaS, PaaS, and IaaS models, including deployment, provisioning, and security implementations.

Expertise with security tools and technologies such as firewalls, IDS/IPS, and SIEM solutions.

Basic understanding of penetration testing and the ability to interpret deliverables like pen test or compliance reports.

The ability to distill complex security concepts into actionable insights for leadership and cross-functional teams.

A demonstrated track record of bolstering GRC initiatives and increasing security program maturity.

Benefits

Eligible contract and temporary employees have access to:

Medical, dental, vision, life, and disability insurance

Enrollment into the Robert Half 401(k) plan

Additional benefit details are available at roberthalf.gobenefits.net.