Overview
Remote
Depends on Experience
Contract - W2
Skills
Vendor risk assessments
third-party security integration review
ISO 27001/NIST/SOC2/PCI DSS compliance
IT control frameworks (COBIT)
security control domains (IAM, data security, network security)
vulnerability management
security architecture
audit support
GRC tools
OneTrust
RSA Archer
CISSP
CISA
CISM
CEH
Job Details
Job Overview:
We are seeking a Senior GRC (Governance, Risk, and Compliance) Analyst to join our security team. This is a fully remote position. The ideal candidate will be responsible for conducting vendor risk assessments, supporting security audits, and driving secure implementation of vendor integrations. You'll work closely with internal stakeholders, auditors, and engineering teams to ensure adherence to security frameworks and regulatory standards.
Key Responsibilities:
- Conduct vendor risk assessments across all security domains.
- Perform technical security assessments of third-party integrations (e.g., APIs, SFTP) to validate secure implementation.
- Maintain and enhance the Customer Trust knowledge base.
- Respond to customer security assessment requests.
- Support customer audits and related documentation efforts.
Required Skills & Experience:
- Practical expertise in security frameworks such as SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2.
- Solid understanding of IT control frameworks like COBIT and IT General Controls.
- In-depth knowledge of risk and controls concepts in information security.
- Hands-on experience across control domains such as IAM, Data Security, Network Security, SDLC, Logging & Monitoring, etc.
- Technical proficiency in security controls like encryption, logical access, secure coding, vulnerability management, and security architecture.
- Strong experience conducting vendor risk assessments and translating technical risk into business impact.
- Familiarity with risk treatment and exception processes.
- Understanding of security architecture (authentication, authorization, encryption of data in transit/at rest).
- Experience with tools such as OneTrust (or similar) for vendor risk and audit management is a plus.
- Ability to communicate clearly with technical teams, stakeholders, and auditors.
- High attention to detail and excellent documentation habits.
Education & Certifications:
- Bachelor's Degree in Technology, Risk Management, or related field.
- Preferred certifications: CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor or Lead Implementer.
Regards,
Gaganpreet Singh
Senior Talent Executive
Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.