Governance - Risk Management - And Compliance - GRC - Associate

Governance – Risk Management – And Compliance – GRC – Associate

Bachelor’s degree in Cybersecurity, Information Systems, or a related field and 3-6 years of experience.
Foundational knowledge of cybersecurity, risk management, and frameworks.
Experience in cybersecurity, IT audit, GRC, or compliance, with exposure to governance tools.
Strong attention to detail, analytical thinking, and effective communication skills.
Comfortable working with both technical and business teams.

Support the creation and maintenance of cybersecurity policies, standards, and procedures.
Align governance practices with frameworks such as NIST CSF and CIS Controls.
Participate in policy reviews, steering committees, and control effectiveness assessments.
Deliver cybersecurity awareness training and track engagement metrics.
Maintain GRC platforms for policy management, issue tracking, and reporting.
Assist in identifying, assessing, and mitigating cybersecurity risks across internal operations.
Conduct risk assessments, business impact analyses, and support remediation planning.
Perform vendor risk reviews, including SOC report analysis and contract assessments.
Contribute to incident response planning, DR/BC testing, and post-incident analysis.
Help enhance and automate risk workflows using GRC tools and data.
Support compliance with cybersecurity laws and standards (e.g., GDPR, SOX, DORA).
Assist with audits by gathering evidence, responding to inquiries, and tracking remediation.
Monitor and maintain controls for data protection and compliance reporting.
Respond to RFPs, DDQs, and client security requests with accurate information.
Track regulatory changes and update compliance documentation as needed.