Overview
Job Details
Sr. GRC Analyst
- Nashville, TN | Hybrid (Tues–Thurs onsite)
- 6-Month Contract-to-Hire | Full-Time (40 hrs/week)
A global professional services organization is hiring a Sr. GRC Analyst to support its growing Information Assurance program, based in downtown Nashville. This is a high-impact role focused on scaling compliance efforts, streamlining audits, and building a robust common control framework—working directly with the GRC manager in a small, agile team.
What You’ll Do:
- Lead and support audits (SOC II, ISO 27001, FedRAMP) including audit evidence collection and control mapping
- Build and maintain a common control framework across multiple standards (ISO, NIST, CMMC)
- Own policy governance, risk tracking, and third-party vendor risk management
- Drive internal compliance initiatives including risk registers, control testing, and GRC tool optimization (UpGuard, KnowBe4, Loopio)
- Conduct security awareness training and phishing simulations
- Support contract reviews and internal assessments to ensure client and regulatory trust
What We're Looking For:
- 5+ years of GRC, audit, or IT compliance experience in a corporate or professional services environment
- Experience with SOC II, ISO 27001, or FedRAMP frameworks
- Proven ability to manage audits, gather documentation, and build policies from scratch
- Familiarity with enterprise risk registers, third-party assessments, and security awareness campaigns
Why This Role Stands Out:
- Hybrid flexibility with a relaxed, in-office dress code (jeans welcome)
- Paid parking in a landmark downtown Nashville building
- Work directly with a seasoned GRC leader, with plenty of opportunity for ownership and process improvement
- Stable, collaborative team culture with long tenure and room for career growth
- No client-facing responsibilities — focus is entirely on internal security and compliance