Lead GRC Analyst (IT/Security)

Manor, TX, US • Posted 11 hours ago • Updated 11 hours ago
Full Time
On-site
Fitment

Dice Job Match Score™

⏳ Almost there, hang tight...

Job Details

Skills

  • Integrated Circuit
  • Smartphones
  • Artificial Intelligence
  • Semiconductors
  • Innovation
  • FOCUS
  • Information Security
  • Incident Management
  • Program Development
  • Strategic Thinking
  • Security Controls
  • IT Risk Management
  • Workflow Optimization
  • Cloud Computing
  • Workflow
  • Mapping
  • Gap Analysis
  • Partnership
  • Design Documentation
  • Internal Control
  • IT Operations
  • Change Management
  • Backup
  • Recovery
  • Asset Management
  • Business Process
  • SOP
  • Technical Drafting
  • Routing
  • Training
  • Continuous Improvement
  • Change Control
  • Organized
  • Collaboration
  • Legal
  • Finance
  • Leadership
  • Process Modeling
  • Cadence
  • Roadmaps
  • Technical Direction
  • Knowledge Sharing
  • Mentorship
  • SAP GRC
  • IT Governance
  • IT Audit
  • Information Systems
  • Information Technology
  • Cyber Security
  • Computer Science
  • Accounting
  • Risk Management
  • ISACA
  • CISA
  • CISM
  • CISSP
  • IT Risk
  • Testing
  • Auditing
  • Reporting
  • Sarbanes-Oxley
  • ISO/IEC 27001:2005
  • System On A Chip
  • IT Security
  • Communication
  • Documentation
  • Dashboard
  • Organizational Skills
  • Management
  • Regulatory Compliance

Summary

Join UCT and be part of the fastest-growing sector in the world! We indirectly touch every semiconductor chip that goes into every smartphone, smart car, and device that uses artificial intelligence. This is a critical time for the semiconductor industry and for UCT - as technology evolves, we evolve with it. UCT is a diverse workplace where every talented employee is committed to continuous innovation, challenging the status quo and exceeding customer expectations. If you are a person with a relentless drive to succeed, a strong focus on quality with a passion for success - join us today!

UCT is looking for a talented Analyst III, IT Infosec to join us in Austin, TX!

Analyst III, IT Information Security is a contributor responsible for strengthening the organization's security posture through analysis, detection, incident response, and security program development. This role blends technical expertise with strategic thinking, ensuring that security controls, policies, and processes effectively protect systems, data, and users across the enterprise.

Role Overview
  • The UCT GRC Specialist will support the design, execution, and maturity of UCT's IT governance, risk, and compliance program. This role is responsible for coordinating IT risk management activities, supporting control design and testing, maintaining audit-ready evidence, and partnering with IT, Security, Legal, Finance, HR, Operations, and business stakeholders to embed compliance into day-to-day processes.
  • The role will help maintain a structured GRC program aligned with applicable regulatory requirements, SOX obligations, cybersecurity frameworks, internal policies, and UCT's risk appetite. The specialist will also support continuous improvement initiatives, including automation, workflow optimization, reporting, and development of playbooks and self-service resources.

Third-Party Risk Management & Vendor Governance
  • Support the vendor and cloud service provider risk review process, including intake, security questionnaire review, SOC 2 report review, architecture and access considerations, contract support, risk documentation, and stakeholder follow-up.
  • Evaluate vendor security posture in coordination with technical subject matter experts and document risks, compensating controls, remediation commitments, and risk acceptance decisions where applicable.
  • Maintain vendor risk records and support reporting on third-party risk themes, overdue remediation items, and exceptions that require management awareness.

Compliance Automation, Reporting & Continuous Improvement
  • Administer, optimize, and support GRC and compliance automation platforms to improve workflow efficiency, reduce manual effort, and strengthen reporting consistency.
  • Develop and maintain compliance metrics, dashboards, process trackers, and executive reports to communicate program status, control performance, audit readiness, and remediation progress.
  • Identify opportunities to streamline recurring compliance activities, standardize evidence collection, automate reminders, and improve stakeholder visibility into open tasks and deadlines.

Risk Register Stewardship
  • Establish, maintain, and mature the Enterprise IT Risk Register, including risk identification, categorization, likelihood and impact scoring, ownership assignment, risk response, and status tracking.
  • Partner with risk owners to develop and monitor risk treatment plans, track remediation progress, and escalate high or critical risks when timelines, ownership, or mitigation plans require leadership attention.
  • Develop and present risk dashboards, compliance metrics, and executive-ready reports that provide leadership with a clear view of UCT's IT risk environment, control gaps, remediation status, and program maturity.

Framework Implementation, Control Design & Gap Analysis
  • Support the scoping, design, and maturity of UCT's IT compliance program by mapping IT controls to applicable frameworks and requirements, including SOX, ITexpectations, CIS, NIST CSF, ISO 27001, SOC 2, and other relevant regulatory or customer obligations.
  • Perform control gap analyses, document findings, assess control maturity, and develop remediation roadmaps in partnership with control owners, system owners, and process owners.
  • Design, document, and improve internal controls and common control frameworks to support evolving compliance requirements, reduce duplication, and improve consistency across applications, infrastructure, and business processes.

Site Walkthroughs & Operational Assessments
  • Plan, coordinate, and perform site walkthroughs to evaluate local IT operations, physical and logical access practices, change management procedures, backup and recovery processes, asset management, and compliance with established IT policies and control requirements.
  • Partner with site IT teams, business process owners, and control owners to understand local procedures, validate control operation, identify process gaps, and confirm that documented practices align with actual operating activities.
  • Document walkthrough observations, risks, control gaps, evidence requirements, and remediation actions in a clear and audit-ready format.
  • Track site walkthrough findings through remediation, escalate significant issues where appropriate, and summarize recurring themes for leadership reporting and broader control improvement initiatives.

Policy, SOP & Governance Support
  • Draft, maintain, and periodically review IT policies, standards, procedures, and control documentation to ensure alignment with regulatory requirements, internal governance expectations, and operational practices.
  • Manage the policy and SOP lifecycle, including drafting, stakeholder review, approval routing, publication, periodic recertification, and evidence-based validation of operating procedures.
  • Develop training materials, playbooks, and self-service resources that help IT and business teams understand compliance expectations and meet requirements efficiently.

Control Testing, Evidence Collection & Audit Readiness
  • Lead or support control design walkthroughs and tests of operating effectiveness, including evidence collection, effectiveness validation, exception identification, remediation tracking, and continuous improvement.
  • Prepare and support control owners and process owners for internal and external audits by reviewing people, processes, technologies, key configurations, and supporting evidence for completeness and audit readiness.
  • Build and maintain a centralized evidence repository to ensure change control records, access reviews, control attestations, remediation artifacts, and other compliance documentation are organized, current, and available for audit requests.
  • Coordinate audit evidence requests across IT and business teams, track completion against defined timelines, and communicate status, blockers, and escalation needs to stakeholders.

Access Governance & User Access Reviews
  • Define, maintain, and support the schedule and standards for periodic user access reviews of SOX-relevant and mission-critical systems.
  • Validate completed access reviews against least privilege, segregation of duties, and business need requirements; document findings, exceptions, and evidence of review completion.
  • Track remediation of excessive, inappropriate, or stale access identified during reviews and support reporting to control owners, system owners, and leadership.

Cross-Functional Collaboration & Program Support
  • Partner with IT, Security, Engineering, Product, Legal, HR, Finance, Operations, and business stakeholders to integrate compliance requirements into processes, technology changes, vendor decisions, and operational practices.
  • Communicate effectively with technical and non-technical stakeholders on IT risk, control design, remediation expectations, audit requests, and program reporting.
  • Manage multiple GRC initiatives simultaneously while keeping stakeholders informed, maintaining schedules, tracking deliverables, and escalating risks to timely completion.

Program Leadership Scope
  • Support the design of the overall GRC program structure, including process design, tooling strategy, control framework alignment, operating cadence, and prioritization roadmap.
  • Help establish scalable GRC policy, methodology, documentation, and reporting standards as the function grows.
  • Represent GRC in cross-functional governance discussions and advise stakeholders on risk-based prioritization, control expectations, and remediation planning.
  • Provide technical direction, knowledge sharing, and mentoring support to additional GRC team members as the function expands.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice.

Minimum Qualifications
  • Minimum of 3 years of experience in IT governance, risk, compliance, IT audit, cybersecurity compliance, IT controls, third-party risk management, or a related field.
  • Bachelor's degree in Information Systems, Information Technology, Cybersecurity, Computer Science, Accounting, Business, Risk Management, or a related field, or equivalent practical experience.
  • Professional certification preferred, such as CRISC, CISA, CISM, CISSP, or other relevant IT risk, audit, security, or compliance certification.
  • Experience supporting IT risk register activities, control testing, evidence collection, audit readiness, remediation tracking, compliance reporting, or site walkthroughs.
  • Working knowledge of IT control frameworks and compliance requirements such as SOX, IT CIS, NIST CSF, ISO 27001, SOC 2, or similar frameworks.
  • Ability to partner with IT, Security, business, site teams, vendors, and control owners to document processes, validate control operation, identify gaps, and support remediation.
  • Strong written and verbal communication skills, with the ability to prepare clear documentation, walkthrough notes, risk summaries, control summaries, dashboards, and stakeholder updates.
  • Strong organizational skills with the ability to manage multiple priorities, track deadlines, follow up on open items, and support recurring compliance activities.

Ultra Clean Technology is proud to be an equal-opportunity employer. We are committed to equal employment opportunity regardless of race, color, national or ethnic origin, age, religion, disability, sexual orientation, gender, gender identity and expression, marital status, and any other characteristic protected under laws and regulations.

Equal Opportunity Employer
This employer is required to notify all applicants of their rights pursuant to federal employment laws. For further information, please review the Know Your Rights notice from the Department of Labor.
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.
  • Dice Id: RTX15720e
  • Position Id: fc70da48535cc4e170f66361511d0c02
  • Posted 11 hours ago
Create job alert
Set job alertNever miss an opportunity! Create an alert based on the job you applied for.

Similar Jobs

Austin, Texas

Today

Full-time

Austin, Texas

Today

Full-time

Austin, Texas

Today

Full-time

USD 5,797.66 - 9,500.00 per month

No location provided

Today

Full-time

USD 182,000.00 - 273,000.00 per year

Search all similar jobs