Job Details
Vaco is partnering with an enterprise client on the search for a GRC Analyst to support compliance initiatives, security audits, and metrics reporting across the organization. This is a 4-month contract position supporting the company’s risk management and information security functions.
This role is ideal for someone with strong experience in IT audit readiness, compliance frameworks, and security metrics, who can bridge the gap between technical controls and business stakeholders.
What You’ll Do
Security & Compliance Support
Coordinate internal and external IT audit activities, including scheduling walkthroughs and managing evidence requests.
Work cross-functionally to gather and organize audit documentation from various business units.
Map security controls to system configurations and ensure documentation is updated and accessible.
Security Metrics & Reporting
Collaborate with compliance and risk teams to define and report on key security metrics.
Build and maintain dashboards to track trends, identify potential risks, and inform decision-making.
Ensure data quality, accuracy, and consistency across reports and documentation.
Awareness & Best Practices
Partner with internal teams (L&D, Comms, Risk) to enhance security awareness initiatives.
Contribute to the development of security configuration standards and assist in policy enforcement.
Support incident response activities related to system misconfigurations, as needed.
What You Bring
Required:
5+ years of experience in information security, IT audit, or GRC-related roles
Solid understanding of compliance frameworks and audit processes
Strong communication and stakeholder engagement skills
Excellent documentation and project management abilities
Security+ certification
Preferred:
CISA, CISSP, or CISM certifications
Prior experience in highly regulated industries (finance, healthcare, etc.)
Familiarity with enterprise risk management tools or GRC platforms
Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual’s skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes that the salary range for the role is stated in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company’s 401(k) retirement plan.