GRC Business analyst

  • Cambridge, MA
  • Posted 17 hours ago | Updated 17 hours ago

Overview

On Site
Depends on Experience
Accepts corp to corp applications
Contract - W2
Contract - Independent
Contract - 12 Month(s)
No Travel Required

Skills

GRC
RSA Archer
ServiceNow GRC
MetricStream

Job Details

Job Title : GRC Business analyst

Location: Cambridge, MA, USA

Duration: Long term

Job Type : Contract

Responsibilities:

We are seeking a detail-oriented and proactive Business Analyst with strong experience in Governance, Risk, and Compliance (GRC) to join our dynamic team. The ideal candidate will serve as a key liaison between business stakeholders, risk/compliance teams, and technology partners, helping to analyze, implement, and enhance GRC processes, frameworks, and systems. This role requires a solid understanding of OneTrust, Consent Management, regulatory requirements, risk management principles, and GRC platforms such as RSA Archer, ServiceNow GRC, or MetricStream.

Key Responsibilities:

  • Gather, document, and analyze business requirements for GRC-related initiatives.
  • Collaborate with compliance, internal audit, and IT security teams to understand risk and regulatory obligations.
  • Assist in the design, implementation, and optimization of GRC platforms and workflows.
  • Support the development of risk control matrices, compliance checklists, and audit trails.
  • Facilitate stakeholder workshops to align Consent Management and risk management processes with business objectives.
  • Analyze current-state processes and recommend improvements to enhance compliance efficiency and effectiveness.
  • Ensure traceability of requirements throughout the lifecycle of GRC projects.
  • Generate reports and dashboards to provide insights into risk posture and compliance status.
  • Participate in system testing, user acceptance testing (UAT), and documentation of test results.
  • Act as a bridge between technical teams and risk/compliance users to ensure successful delivery.

Qualifications:

  • Strong understanding of GRC concepts, risk frameworks (e.g., COSO, NIST, ISO 27001), and compliance regulations (e.g., SOX, GDPR, HIPAA).
  • Experience with one or more GRC platforms (e.g., RSA Archer, ServiceNow GRC, MetricStream).
  • Experience implementing a Consent Management platform such as OneTrust and its related integrations.
  • Proficient in business analysis tools (e.g., JIRA, Confluence, MS Visio, Excel).
  • Excellent written and verbal communication skills.
  • Experience working in regulated industries (e.g., financial services, healthcare, life sciences) is a plus.
  • Professional certifications such as CISA, CRISC, CGEIT, or CBAP are a plus.

Preferred Skills:

  • Familiarity with audit processes and third-party risk management.
  • Understanding of data privacy and cybersecurity risks and protocols.
  • Proficiency with OneTrust or a similar Consent Management application.
  • Agile and Waterfall project delivery experience.

Employers have access to artificial intelligence language tools ("AI") that help generate and enhance job descriptions, and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.