100% Remote - Governance Risk and Compliance (GRC) Analyst - Contract to Hire

at Experienced Recruiting Partners

📍 Tampa, FL Remote 💰 $40 – $60 USD / year Posted April 17, 2026
Type Contract
Experience mid
Exp. Years 3-5+ years
Education Bachelor's degree
Category Consulting & Advisory

Remote Contract to Hire Governance, Risk and Compliance (GRC) Analyst role supporting IT and business GRC program design, execution, and continuous improvement. You will perform IT risk assessments, support SOX ITGCs and SOC/internal audits, and manage access governance and remediation activities through audit-ready documentation.

  • Support the design, execution, and continuous improvement of GRC programs across IT and business processes
  • Perform IT risk assessments, identify control gaps, and assist with remediation planning and tracking
  • Support SOX ITGCs, SOC, and internal audits including walkthroughs, testing coordination, evidence collection, and audit response management
  • Evaluate and document control design and operating effectiveness for access, change management, and IT operations controls
  • Maintain accurate and audit-ready documentation, risk registers, control matrices, and compliance artifacts

The role focuses on IT GRC and audit support, including evaluating control design and operating effectiveness for access, change management, and IT operations. It leverages GRC frameworks and tools such as NIST, COBIT, RMF, CSF, and platforms like ServiceNow GRC, Archer, SecurEnds, and Saviynt.

The ideal candidate is a mid-level GRC professional with 3-5+ years supporting Governance, Risk, and Compliance (GRC) programs across IT controls. They have strong experience with IT general controls (access, change, operations) and supporting SOX and SOC audit activities, including evidence collection and audit response management. They are comfortable documenting control design and operating effectiveness and managing audit-ready artifacts such as risk registers and control matrices, using GRC tooling like ServiceNow GRC, Archer, or Saviynt.

Governance, Risk, and Compliance (GRC); IT risk assessments; IT general controls (access, change, operations); Access & Identity Governance; Experience supporting audits and compliance reviews; SOX Experience; SOC Experience; NYSDFS Experience (New York State Department of Financial Services); FLOIR Experience (Florida Office of Insurance Regulation (OIR))

ServiceNow GRC; Archer; SecurEnds; Saviynt; NIST; COBIT; RMF; CSF

Governance, Risk, and Compliance (GRC); IT Audit & Controls; Access & Identity Governance; Risk Assessment & Remediation; Policy & Control Documentation; NIST/COBIT/RMF/CSF; ServiceNow GRC; Archer; SecurEnds; Saviynt; SOX ITGCs; SOC; access governance; user access reviews; role reviews; segregation of duties (SoD) analysis; exception tracking; risk registers; control matrices; audit response management

Governance, Risk, and Compliance (GRC); Governance risk assessments; IT risk assessments; Control gap identification; Remediation planning; Remediation tracking; SOX ITGCs; Sarbanes-Oxley (SOX) Internal Controls over Financial Reporting (ITGCs); SOC walkthroughs; SOC testing coordination; Evidence collection; Audit response management; Control design documentation; Operating effectiveness evaluation; Access controls; Change management controls; IT operations controls; Access governance; User access reviews; Role reviews; Segregation of duties (SoD) analysis; Exception tracking; Policy development; Standard development; Procedure development; Risk issues tracking; Audit findings tracking; Remediation actions tracking; Risk registers; Control matrices; Compliance artifacts; Third-party access governance; Contractor access governance; Periodic reviews; NIST; COBIT; RMF; CSF; ServiceNow GRC; Archer; SecurEnds; Saviynt; IT Audit & Controls; Access & Identity Governance; Risk Assessment & Remediation; Policy & Control Documentation

Strong documentation skills; Strong communication skills; Clear communication to technical and non-technical stakeholders; Cross-functional collaboration; Stakeholder management; Attention to detail; Audit response management

Industry Consulting
Job Function Deliver IT-focused GRC analysis, audit support, and access governance remediation as part of SOX and SOC compliance.
Role Subtype GRC Analyst
Tech Domains Cybersecurity, ITSM / ServiceNow
Governance Risk and Compliance (GRC) Analyst; Governance, Risk, and Compliance (GRC); GRC; IT risk assessments; IT general controls; access; change management; IT operations; SOX; SOX ITGCs; Sarbanes-Oxley (SOX) Internal Controls over Financial Reporting (ITGCs); SOC; evidence collection; audit response management; control design; operating effectiveness; access governance; user access reviews; role reviews; segregation of duties (SoD) analysis; exception tracking; risk registers; control matrices; ServiceNow GRC; Archer; SecurEnds; Saviynt; NIST; COBIT; RMF; CSF; NYSDFS Experience (New York State Department of Financial Services); FLOIR Experience (Florida Office of Insurance Regulation (OIR))

  • Bachelor's degree required
  • 3-5+ years of experience in GRC, IT Risk, Compliance, or Audit required
  • Strong understanding of IT general controls (access, change, operations) required
  • SOX Experience required
  • SOC Experience required
  • NYSDFS Experience (New York State Department of Financial Services) required
  • FLOIR Experience (Florida Office of Insurance Regulation (OIR)) required
