Governance, Risk, and Compliance (GRC) Analyst

As an experienced professional in Governance, Risk, and Compliance, you will be responsible for developing and maintaining information security policies in alignment with organizational goals and regulatory frameworks. Your role will involve coordinating annual reviews and obtaining executive approval to ensure policies remain relevant across various domains such as access control and secure software development. In this position, you will design and implement IT Service Management workflows and runbooks to enhance operational efficiency and promote cross-functional alignment. Additionally, you will conduct scheduled vulnerability scans and comprehensive risk assessments, leveraging AI-driven tools for automated documentation retrieval and issue tracking to support rapid response and proactive risk mitigation. Utilizing the FAIR (Factor Analysis of Information Risk) model, you will perform quantitative risk assessments and collaborate with managed advisory services to address complex governance and compliance challenges. Ensuring ongoing adherence to industry frameworks such as the NIST Cybersecurity Framework and CIS Controls will be a key aspect of your responsibilities, including implementing best practices in data encryption, business continuity, and disaster recovery planning. Furthermore, you will be involved in developing service-management metrics, continual improvement roadmaps, and establishing robust processes for production testing, release management, and lifecycle compliance. Your expertise will be crucial in advising on and implementing frameworks to strengthen corporate governance and provide effective compliance oversight across business units. To excel in this role, you should have a minimum of 10 years of experience in Governance, Risk, and Compliance roles, with proven expertise in policy development, control mapping, and executive communication. Strong cross-functional experience, especially in cybersecurity, automation, and cloud environments, will be essential. Demonstrated success in leading vulnerability scanning, enterprise risk assessments, and a deep understanding of FAIR risk management methodologies are required. You should possess in-depth knowledge of NIST CSF and CIS standards, as well as hands-on experience in data encryption, business continuity planning, and disaster recovery. Proficiency in designing service-management metrics, improvement roadmaps, and production/release processes is necessary. Excellent written and verbal communication skills, along with the ability to engage stakeholders at all organizational levels, are key qualities for this role. Please note that this position requires support in the US Eastern Time (ET) zone and does not involve rotational shifts.,