Position Details

Salary $72K – $107K USD / year

Type Not Specified

Experience mid

Exp. Years 3+ years

Education Bachelor's degree with concentration in Security, Computer Science, MIS, or Information Technology

Category Cybersecurity

About this role

This role supports the governance, risk, and compliance functions within the organization, ensuring adherence to standards and managing risk assessments and audits.

Key Responsibilities

Maintain security policies
Support risk assessments
Manage compliance programs
Assist with audits and assessments
Create and monitor metrics

Technical Overview

The technical scope includes GRC management tools, compliance standards like ISO 27001 and NIST frameworks, and reporting applications for metrics and audit support.

Ideal Candidate

The ideal candidate is a mid-level GRC analyst with 3+ years of experience supporting cybersecurity governance, risk, and compliance activities. They should be familiar with industry standards like ISO and NIST, and capable of managing policies, assessments, and audit processes.

Must-Have Skills

Cybersecurity complianceGRC lifecycle managementRisk assessmentPolicy developmentAudit support

Nice-to-Have Skills

Cybersecurity awarenessPhishing campaignsSecurity trainingControl validation

Tools & Platforms

GovernanceRisk and Compliance management toolsReporting applications

Required Skills

GRCGovernanceRisk and ComplianceSecurity policiesRisk assessmentsISO 27001ISO 27002NIST Cybersecurity FrameworkAuditReporting

Hard Skills

GovernanceRisk and ComplianceGRCSecurity policiesRisk assessmentsRisk managementCompliance standardsSarbanesOxleyISO 27001ISO 27002NIST Cybersecurity FrameworkNIST 800-53AuditReporting tools

Soft Skills

Effective communicationAnalytical thinkingProcess improvementCollaborationTechnical writing

Industry & Role

Industry Technology / Cybersecurity

Job Function GRC analysis and compliance management

Keywords for Your Resume

GovernanceRisk and ComplianceGRCSecurity policiesRisk assessmentsRisk managementCompliance standardsSarbanesOxleyISO 27001ISO 27002NIST Cybersecurity FrameworkNIST 800-53AuditReportingCybersecurity compliancePolicy developmentRisk monitoringControl validationCybersecurity awarenessNIST frameworksReporting tools

Deal Breakers

Lack of experience with GRC tools, No knowledge of cybersecurity standards (ISO, NIST), Inability to communicate complex compliance info, No experience with risk assessments

Apply for this Position →

Get matched to jobs like this

Luna finds roles that fit your skills and career goals — no endless scrolling required.

Create a Free Profile

Information Security GRC Analyst

Get matched to jobs like this