GRC Analyst

Location: Houston, Texas

Job Type: Contract-to-perm


Key Responsibilities

  • Support NIST CSF and ISO 27001 implementation; maintain NERC CIP compliance.
  • Prepare documentation and processes for audits (internal, external, regulatory).
  • Manage policy governance, version control, and internal communications.
  • Monitor regulatory changes and assess impact on controls.
  • Assist with audit readiness and execution for certification audits (ISO 27001) and regulatory compliance audits (NERC CIP).
  • Track and coordinate remediation of audit findings.
  • Maintain compliance documentation and evidence.
  • Identify and document security and compliance risks.
  • Support risk management lifecycle and maintain risk registers.
  • Conduct vendor risk assessments and collaborate with procurement/legal teams.
  • Develop dashboards and reports for compliance, audit, and risk metrics.
  • Prepare executive materials for risk and governance committees.


Required Skills & Experience

  • Bachelor’s degree in Information Security, Risk Management, Business, or related field (or equivalent experience).
  • 2–4 years in GRC, audit, compliance, or risk management.
  • Familiarity with security frameworks and standards (NIST CSF, ISO 27001, SOC 2, PCI DSS).
  • Understanding of regulatory requirements (GDPR, CCPA).
  • Strong organizational and documentation skills.


Preferred Qualifications

  • Security or GRC certifications (CISA, CRISC, ISO 27001 Lead Implementer, CISSP).
  • Experience with GRC platforms (OneTrust, MetricStream, Archer, Tugboat Logic, ServiceNow GRC).
  • Exposure to enterprise/cloud environments (AWS, Azure).
  • Excellent communication and presentation skills.

