Job Details
Position Overview:
The Governance, Risk, and Compliance (GRC) Analyst is responsible for managing cybersecurity regulatory compliance, privacy program oversight, audit readiness, and disaster recovery coordination. This role ensures the organization adheres to evolving legal and regulatory requirements while protecting sensitive data and business continuity. The ideal candidate will possess strong knowledge of cybersecurity regulations, privacy frameworks, and risk management practices, along with the ability to work cross-functionally to support a resilient and compliant security posture.
Key Responsibilities:
1. Regulatory Compliance & Privacy Oversight
Lead compliance efforts for regulations such as GDPR, HIPAA, CCPA, PCI-DSS, and SOX.
Monitor legal requirements and coordinate responses to regulatory inquiries.
Develop compliance training programs and maintain ongoing audit readiness.
Support the creation and maintenance of privacy policies and procedures.
2. Disaster Recovery & Business Continuity
Plan and execute disaster recovery (DR) and business continuity plan (BCP) tests.
Identify and remediate gaps in preparedness.
Maintain and report DR/BCP metrics and documentation for continuous improvement.
3. Business Impact Analysis (BIA)
Conduct cybersecurity-focused BIAs to identify critical business processes.
Define and update Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) with key stakeholders.
4. Incident Response Compliance
Oversee the compliance and reporting aspects of incident response.
Create post-incident documentation aligned with legal and regulatory requirements.
Coordinate breach notifications and escalation procedures.
5. Privacy Program Management
Conduct Privacy Impact Assessments (PIAs) for new systems and initiatives.
Collaborate across departments to manage data lifecycle and privacy risks.
6. Vendor Contract Compliance
Work with procurement and legal teams to ensure cybersecurity and privacy clauses are embedded in vendor agreements.
Conduct regular third-party risk assessments to ensure ongoing compliance.
7. Legal Advisory & e-Discovery
Lead e-discovery and forensic investigations ensuring proper chain of custody.
Collaborate with legal counsel to address legal obligations in cybersecurity and privacy matters.
8. Supervision & Cross-Functional Collaboration
Supervise junior compliance analysts and regulatory support staff.
Partner with IT, Legal, and Security Operations to ensure cohesive compliance tracking and execution.
Review audit findings and recommend improvements to reduce risk.
Qualifications:
Required:
Bachelor's degree in Cybersecurity, Information Systems, Law, or a related field.
5+ years of experience in GRC, cybersecurity compliance, privacy, or audit.
Strong knowledge of regulations such as HIPAA, CCPA, GDPR, PCI-DSS, and SOX.
Familiarity with compliance standards (ISO 27001, NIST 800-53, NIST 800-82).
Experience with disaster recovery testing, BIAs, and incident response coordination.
Excellent organizational, analytical, and communication skills.
Preferred:
Relevant certifications (e.g., CISA, CIPM, CRISC, CIPP).
Experience in energy, critical infrastructure, or regulated industries.
Demonstrated success in leading audits and working with regulators.