GRC Analyst

ALLENTOWN PA | Computer Software | Posted: 1 day ago

Job Description:
As an IT Analyst, Security GRC, you will play a critical role in strengthening and scaling the organization’s IT and OT governance, risk, and compliance programs. This position sits at the intersection of cybersecurity, application management, and regulatory compliance—ensuring systems, processes, and documentation meet evolving security and regulatory standards. You will support the administration and continuous improvement of GRC tools and processes, drive document governance, and partner with stakeholders to ensure compliance readiness. Your work will directly impact the organization’s ability to manage risk, maintain secure operations, and meet regulatory obligations across both IT and operational environments.

Requirements:
• 2-4 years of experience in IT Governance, Risk, and Compliance (GRC), including hands-on involvement with policy development, control frameworks, and regulatory compliance in IT and/or OT environments
• Experience administering or supporting GRC platforms (OneTrust) or enterprise applications, including user access management, system configuration, and enforcement of security and acceptable use policies
• Strong experience in document management and governance, including creating, reviewing, and maintaining policies, standards, procedures, and audit-ready documentation
• Proven ability to collaborate with stakeholders and communicate effectively, including leading document reviews, supporting audits, and translating regulatory or technical requirements into actionable guidance
• Working knowledge of cybersecurity frameworks and regulations, such as NIST CSF, NIST 800-series (e.g., 800-82, 800-63), TSA Security Directives, or MTSA, with experience applying them in practice

Nice to have:
• Industry certifications such as Security+, CISSP, CISM, CRISC, or other credentials from ISC2, ISACA, SANS, or CompTIA
• Experience with IT/OT environments, industrial systems, or regulated industries (e.g., energy, utilities), and familiarity with audit processes and compliance reporting

Responsibilities:
• Support the implementation and ongoing maturity of IT and OT GRC programs, including policy development, control validation, and regulatory alignment (e.g., NIST, TSA, MTSA)
• Administer and support GRC and related applications, including managing user access, enforcing acceptable use policies, configuring system settings, and ensuring proper security controls are in place
• Lead and facilitate document review sessions with stakeholders to ensure policies, standards, and procedures are accurate, compliant, and aligned with business objectives
• Manage the full document lifecycle, including creation, version control, retention, and audit readiness for policies, standards, procedures, and control documentation
• Provide application and system support, including troubleshooting issues, supporting upgrades, testing new releases, and staying current on system enhancements and capabilities
• Collaborate cross-functionally to identify process improvement opportunities, address gaps in controls or documentation, and support internal and external audit activities
