About this role
Serve as a Governance Risk and Compliance (GRC) Analyst within the Security and Compliance team, supporting internal audits and managing risk findings. You will operate OneTrust for GRC reporting and communicate audit gaps and recommendations to senior management.
Key Responsibilities
- Conduct audits of information security/compliance/privacy processes
- Ensure timely resolution of audit and risk findings
- Manage OneTrust GRC reporting portal
- Communicate audit reports, gaps, and recommendations to management
- Report security and compliance metrics to management
Technical Overview
The role focuses on GRC execution across PCI, SSAE18, SOC 2, and ISO 27001 audit efforts, supported by frameworks and controls aligned to ISO 27001 and NIST standards (NIST 800-53, NIST 800-171, NIST CSF). You will manage audit workflows, reporting, and metric tracking via OneTrust while documenting and maintaining policies and procedures.
Ideal Candidate
The ideal candidate is a GRC Analyst with direct experience successfully completing annual PCI Compliance, SSAE18 SOC 2 attestations, and/or ISO 27001 certifications. They can manage audit and risk findings end-to-end, operate the OneTrust GRC reporting portal, and demonstrate strong knowledge of ISO 27001 and NIST standards while communicating clearly to senior leadership.
Must-Have Skills
- Direct experience with achieving successful annual PCI Compliance, SSAE18 SOC 2 attestations, and/or ISO 27001 certifications
- Direct experience leading information security audits
- Solid knowledge of ISO 27001, NIST 800-53, NIST 800-171, NIST CSF
- Experience authoring policies and procedures
- Manages OneTrust GRC reporting portal
- Experience with Governance, Risk Management and Compliance Lifecycle
Tools & Platforms
- OneTrust
- OneTrust GRC reporting portal
Required Skills
- Governance Risk and Compliance (GRC)
- information security audits
- compliance and privacy processes
- OneTrust GRC reporting portal
- PCI compliance
- SSAE18
- SOC 2
- ISO 27001
- NIST 800-53
- NIST 800-171
- NIST Cybersecurity Framework (NIST CSF)
- Governance, Risk Management and Compliance Lifecycle
- security strategy and policy
- policies and procedures
- access controls
- audit report communication
- security compliance metrics reporting
Hard Skills
- governance risk and compliance (GRC)
- information security audits
- compliance and privacy audits
- OneTrust GRC reporting portal
- audit report communication
- risk assessment findings tracking
- security standards development
- access controls
- policy development
- information security and compliance policy subject matter expertise
- security compliance metrics reporting
- PCI compliance
- SSAE18
- SOC 2
- Payment Card Industry (PCI) ROC
- ISO 27001 audits
- ISO 27001
- NIST 800-53
- NIST 800-171
- NIST Cybersecurity Framework (NIST CSF)
- Governance, Risk Management and Compliance Lifecycle
Soft Skills
- detail-oriented
- communication with senior management
- ability to convey complex technology concepts to non-technology stakeholders
- consultative and collaborative nature
- personal integrity
- self-motivated
- self-disciplined
- works effectively from remote location
- team player
- excellent presentation skills
- trust-building with internal teams
Keywords for Your Resume
- GRC Analyst
- Governance Risk and Compliance (GRC)
- information security audits
- compliance and privacy processes
- OneTrust
- OneTrust GRC reporting portal
- audit reports
- risk assessment findings
- PCI Compliance
- Payment Card Industry (PCI) ROC
- SSAE18
- SOC 2
- ISO 27001
- ISO 27001 audits
- NIST 800-53
- NIST 800-171
- NIST Cybersecurity Framework (NIST CSF)
- Governance, Risk Management and Compliance Lifecycle
- security strategy
- security strategy and policy
- policies and procedures
- access controls
- security standards
Deal Breakers
- Direct experience with achieving successful annual PCI Compliance, SSAE18 SOC 2 attestations, and/or ISO 27001 certifications
- Solid knowledge of ISO 27001, NIST 800-53, NIST 800-171, NIST CSF
- Experience authoring policies and procedures