Governance Risk and Compliance Analyst

RESPONSIBILITIES:
Kforce has a client in McKinney, TX that is seeking a Governance Risk and Compliance Analyst to support IT Risk Management and Third-Party Risk Management (TPRM) within a growing cybersecurity program. This role is hands-on and execution-focused, supporting a fast-moving environment with frequent acquisitions that introduce new vendors, systems, and security risks. This is a long-term contract opportunity with a hybrid onsite schedule and a strong focus on measurable risk reduction.

Summary:
The GRC Analyst will be responsible for conducting IT and vendor risk assessments, maintaining risk registers, identifying control gaps, and supporting remediation efforts across the organization. A major focus of the role will be assessing and managing risk associated with critical third-party vendors, including reviewing detailed security questionnaires, scoring risk using defined risk matrices, and assigning risk ownership to business leaders.

This position also supports broader governance activities such as audit readiness, compliance reporting, risk committee engagement, and executive-level risk visibility. The team is actively maturing its GRC and TPRM processes, so the ideal candidate will be comfortable helping build and refine workflows, dashboards, and reporting rather than operating within a fully mature program.

Work will vary day-to-day based on priorities, particularly as new companies are acquired and integrated. This role requires someone who can operate independently, manage multiple assessments in parallel, and communicate effectively with technical teams, legal, procurement, and leadership.

REQUIREMENTS:
* 5+ years of experience in Cybersecurity GRC, IT Risk Management, or Third-Party Risk Management
* Hands-on experience conducting vendor security risk assessments
* Experience managing the vendor risk lifecycle (onboarding, periodic reviews, offboarding)
* Strong understanding of security and risk frameworks such as NIST, PCI-DSS, SOC 1/SOC 2, ISO 27001
* Experience maintaining IT risk registers, risk scoring, and remediation tracking
* Familiarity with reviewing large vendor security questionnaires (100+ questions)
* Experience supporting internal or external audits
* Experience with GRC platforms such as RSA Archer (preferred) or AuditBoard
* Exposure to risk dashboards, metrics, and executive reporting
* Highly organized and detail-oriented
* Self-starter who can ramp up quickly
* Comfortable working in a fast-paced, changing environment
* Able to accept feedback and collaborate across teams
* Strong written and verbal communication skills

Desired Experience:
* Experience supporting organizations undergoing frequent acquisitions or rapid growth
* Exposure to PCI assessments, penetration test findings, and compromised assessments
* Understanding of enterprise environments (e.g., Active Directory, Microsoft 365, identity platforms)

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.