GRC Analyst II

About the Role:

As a GRC Analyst II on our Governance Team, you’ll play a critical role in helping our customers establish and implement robust security governance programs. You’ll work directly with clients to support customer onboarding, policy development, gap reviews, and compliance readiness, and you’ll be the trusted point of contact who clearly communicates security policies, processes, and requirements to our customers.

Key Responsibilities:

  • Support customer onboarding and kick-off, ensuring clients understand their security program roadmap and governance objectives.
  • Perform gap assessments to identify areas for improvement against frameworks such as ISO 27001, SOC 2, NIST, or other relevant standards.
  • Draft, review, and maintain information security policies, procedures, and controls, ensuring they are clearly communicated and explained to customers.
  • Effectively explain governance frameworks and policy requirements to non-technical stakeholders.
  • Develop and track risk registers, mitigation plans, and corrective action plans.
  • Coordinate hand-offs between governance activities and technical teams (e.g., Offensive Security, SecOps).
  • Prepare clear, high-quality documentation and status reports for customers.
  • Support clients through audit readiness and defense, helping collect evidence, track findings, and remediate gaps.
  • Participate in regular customer status meetings and provide input on governance milestones and deliverables.

Requirements:

  • ✅ 2–3 years of relevant experience in information security, compliance, or risk management.
  • ✅ Exceptional written and verbal communication skills are mandatory — you must be able to confidently and clearly explain security policies and governance requirements to diverse audiences.
  • ✅ Support US Eastern and Pacific timezones from 9AM – 6PM.
  • ✅ Solid understanding of common security frameworks (ISO 27001, SOC 2, NIST CSF, etc.).
  • ✅ Proven experience developing and implementing security policies and controls.
  • ✅ Strong attention to detail and ability to manage multiple tasks and customer deliverables simultaneously.
  • ✅ A collaborative, customer-focused mindset — you thrive in a cross-functional team environment.

Nice to Have:

  • ➕ Relevant certifications, such as ISO 27001 Lead Implementer, CISA, CISSP (Associate), Security+, or similar.
  • ➕ Experience working with clients in regulated industries (e.g., finance, healthcare, SaaS).
  • ➕ Exposure to tools for risk and compliance management.

Why You’ll Love This Role:

  • ✅ Directly help customers build trust and strengthen their security governance posture.
  • ✅ Develop hands-on expertise with real-world frameworks, audits, and compliance practices.
  • ✅ Be part of a supportive team that values strong communication, clear documentation, and continuous learning.
