InfoSec GRC Analyst - World Wide Technology

Key Responsibilities

• Develop, maintain, and continuously improve the organization’s GRC framework, policies, and procedures aligned with ISO 27001, NIST, and PCI DSS.
• Conduct risk assessments, gap analyses, and control evaluations to identify security weaknesses and recommend remediation actions.
• Coordinate internal and external audit activities, prepare evidence packages, and track remediation of audit findings.
• Manage GRC tools and dashboards to monitor compliance status, risk metrics, and remediation progress.
• Collaborate with cross‑functional teams to integrate security controls into projects, cloud environments, and third‑party vendor relationships.

Requirements

• 3+ years of experience in information security, risk management, or GRC roles.
• Hands‑on experience with GRC platforms (e.g., RSA Archer, ServiceNow GRC) and security frameworks such as ISO 27001, NIST CSF, and PCI DSS.
• Strong analytical and documentation skills for risk assessments, audit evidence, and compliance reporting.
• Relevant certifications (CISM, CRISC, ISO 27001 Lead Implementer, or equivalent) preferred.
• Ability to communicate security concepts to technical and non‑technical stakeholders and work independently in a fast‑paced environment.