
Briskinfosec

JR GRC ANALYST

  • Posted a month ago

Job Description

About the Role

We're looking for a proactive and detail-oriented GRC Analyst to join our team and help implement and maintain key security and privacy compliance frameworks, including ISO 27001, ISO 22301, GDPR, SOC 2, HIPAA, and others. We are looking for a candidate who is ready to travel for international projects and assignments.

Whether you have experience in one framework or multiple, we encourage you to apply. We value strong learners with the drive to grow into multi-standard implementation experts.

You'll collaborate with cross-functional teams to strengthen our governance, risk, and compliance posture, ensuring we stay audit-ready while building a scalable, mature security program.

What You'll Do

Compliance Implementation & Management

Implement and maintain compliance programs such as ISO 27001, ISO 22301, GDPR, SOC 2, HIPAA (experience in even one is sufficient; we will train the rest).

Conduct gap assessments, create remediation plans, and track closure activities.

Maintain compliance evidence repositories and ensure version control and readiness for audits.

Risk Management

Identify, assess, and document organizational risks.

Support risk treatment planning with control owners and monitor progress.

Audit & Certification Support

Prepare documentation, collect evidence, and assist internal and external auditors.

Coordinate with stakeholders to remediate non-conformities and observations.

Policy & Procedure Development

Draft, review, and update security and privacy policies, SOPs, and standards aligned with regulatory and framework requirements.

Third-Party & Vendor Risk Management

Conduct vendor assessments and evaluate security posture before onboarding.

Track vendor risks and follow up on mitigation plans.

Awareness & Training

Support organization-wide security awareness initiatives.

Assist in running phishing simulations, role-based training, and compliance workshops.

Regulatory & Industry Monitoring

Stay updated on emerging regulations, security best practices, and audit expectations.

Recommend improvements to enhance our GRC maturity.

What You Bring

1-3 years of experience in GRC, compliance implementation, IT audit, or cybersecurity.

Hands-on experience with at least one major standard (ISO 27001, ISO 22301, GDPR, SOC 2, HIPAA, PCI DSS, NIST, etc.).

If you know only one or two: perfect. We support cross-training into others.

Strong analytical and documentation skills; ability to identify gaps and propose practical controls.

Excellent communication skills, capable of translating compliance concepts into clear, actionable guidance.

Preferred but not required: certifications like ISO 27001 LA/LI, Sec+, CISA, CRISC, CDPSE, or similar.

Why You'll Love Working With Us

  • Opportunity to grow into a multi-framework compliance specialist with real-world implementation experience.
  • International Travel Options.
  • Collaborative team culture: security without the bureaucracy.
  • Exposure to diverse compliance programs and continuous professional development.

Job ID: 134556373