GRC Compliance Analyst

RESPONSIBILITIES:
Kforce has a client in Cottonwood Heights, UT that is seeking a Senior Cyber Compliance/GRC Analyst to support a Compliance Maturity Uplift initiative within a broader Cyber Acceleration Program. This is a senior, hands-on delivery role focused on cyber compliance analysis, framework development, and executive- and board-level reporting. The role works closely with Australia-based delivery teams and periodically with Europe-based stakeholders. This position is delivery-focused and does not include ownership of audits, certifications, or technical security engineering responsibilities.

Key Responsibilities:
* Lead engagement with stakeholders to develop and maintain a comprehensive inventory of legal, contractual, and regulatory cybersecurity requirements
* Perform and lead current-state compliance gap analyses, including prioritized recommendations and roadmaps for: GDPR and CCPA
* Design and establish a cyber compliance framework to support collaboration and regulatory reporting
* Develop and own RACI matrices for all cyber compliance activities
* Establish and mature compliance tracking mechanisms, assessment schedules, and continuous assurance capabilities
* Prepare and present board-ready and executive-level reports on compliance maturity and risk exposure
* Design and implementation of a compliance tracking mechanism to monitor remediation progress
* Initiation and coordination of compliance remediation activities based on gap analysis
* Scheduling and execution of recurring compliance assessments
* Ongoing board-level compliance maturity and risk reporting

REQUIREMENTS:
* To be considered for this position, candidates must have experience in a similar role, or they must possess significant knowledge, experience, and abilities to successfully perform the responsibilities listed
* Relevant education and/or training will be considered a plus

Deliverables:
* Enterprise-wide inventory of cybersecurity compliance requirements by jurisdiction and regulation
* Current-state compliance assessment with prioritized remediation recommendations
* Two-year compliance remediation roadmap aligned to enterprise priorities
* Compliance framework including effort estimates, RACI model, and cost projections
* Identification of near-term compliance -quick wins- achievable before the end of FY26

Role Boundaries:
* Does not own audits or regulatory certifications
* Does not implement or remediate technical security controls
* Does not perform SOC, incident response, or security engineering activities

The pay range is the lowest to highest compensation we reasonably in good faith believe we would pay at posting for this role. We may ultimately pay more or less than this range. Employee pay is based on factors like relevant education, qualifications, certifications, experience, skills, seniority, location, performance, union contract and business needs. This range may be modified in the future.

We offer comprehensive benefits including medical/dental/vision insurance, HSA, FSA, 401(k), and life, disability & ADD insurance to eligible employees. Salaried personnel receive paid time off. Hourly employees are not eligible for paid time off unless required by law. Hourly employees on a Service Contract Act project are eligible for paid sick leave.

Note: Pay is not considered compensation until it is earned, vested and determinable. The amount and availability of any compensation remains in Kforce's sole discretion unless and until paid and may be modified in its discretion consistent with the law.

This job is not eligible for bonuses, incentives or commissions.

Kforce is an Equal Opportunity/Affirmative Action Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, pregnancy, sexual orientation, gender identity, national origin, age, protected veteran status, or disability status.

By clicking ?Apply Today? you agree to receive calls, AI-generated calls, text messages or emails from Kforce and its affiliates, and service providers. Note that if you choose to communicate with Kforce via text messaging the frequency may vary, and message and data rates may apply. Carriers are not liable for delayed or undelivered messages. You will always have the right to cease communicating via text by using key words such as STOP.