GRC Analyst – SecOps

Bright Defense  ·  Governance Team  ·  Now Hiring

GRC Analyst II

Governance — Security Policy, Risk & Compliance

Full-Time  ·  Remote  ·  Governance  ·  2–3 Years Experience

You’ll play a critical role in helping our customers establish and implement robust security governance programs — serving as their trusted point of contact for policy development, gap reviews, compliance readiness, and clear communication of security requirements from day one.

About the role

As a GRC Analyst II on our Governance Team, you’ll work directly with clients to support customer onboarding, policy development, gap reviews, and compliance readiness. You’ll explain governance frameworks and security requirements clearly to non-technical stakeholders, coordinate cross-functional handoffs with SecOps and Offensive Security, and help clients build the governance foundation they need to pass audits and maintain strong security postures.

Key responsibilities

Governance & policy

  • Support customer onboarding and kick-off, ensuring clients understand their security program roadmap and governance objectives
  • Draft, review, and maintain information security policies, procedures, and controls
  • Clearly communicate and explain governance frameworks and policy requirements to non-technical stakeholders
  • Develop and track risk registers, mitigation plans, and corrective action plans

Gap assessment & audit readiness

  • Perform gap assessments to identify areas for improvement against ISO 27001, SOC 2, NIST CSF, and other relevant frameworks
  • Support clients through audit readiness and defense — collecting evidence, tracking findings, and remediating gaps
  • Prepare clear, high-quality documentation and status reports for customers
  • Participate in regular customer status meetings and provide input on governance milestones and deliverables

Cross-functional coordination

  • Coordinate handoffs between governance activities and technical teams — Offensive Security, SecOps, and beyond
  • Serve as the trusted governance point of contact for assigned client accounts
  • Align policy and risk activities with the broader security program strategy for each client
  • Contribute to continuous improvement of governance procedures, templates, and documentation standards

Cross-functional collaboration

  • Security Consultants
  • SecOps Team
  • Offensive Security
  • Client Stakeholders

Requirements

Experience & frameworks

  • 2–3 years of relevant experience in information security, compliance, or risk management
  • Solid understanding of ISO 27001, SOC 2, NIST CSF, and other common security frameworks
  • Proven experience developing and implementing security policies and controls
  • Strong attention to detail and ability to manage multiple client deliverables simultaneously

Communication & availability

  • Exceptional written and verbal communication skills are mandatory — you must confidently explain security policies and governance requirements to diverse audiences
  • Collaborative, customer-focused mindset — you thrive in a cross-functional team environment
  • Must support US Eastern and Pacific time zones, 9AM–6PM

Nice to have

  • ISO 27001 Lead Implementer, CISA, CISSP (Associate), Security+, or similar certification
  • Experience working with clients in regulated industries — finance, healthcare, or SaaS
  • Exposure to GRC or risk and compliance management tools

Tools & platforms

  • GRC platforms — Drata, Vanta, Thoropass, or equivalent
  • Asana or similar PM tools for task and deliverable tracking
  • Google Workspace or Microsoft 365 proficiency
  • Documentation and evidence management tooling experience

Relevant certifications

  • ISO 27001 Lead Implementer
  • CISA
  • CISSP (Associate)
  • CompTIA Security+
  • CISM
  • CC (Certified in Cybersecurity)
  • ISACA Cybersecurity Fundamentals

Why you’ll love this role

  • Directly help customers build trust and strengthen their security governance posture from day one
  • Develop hands-on expertise with real-world frameworks, audits, and compliance practices across diverse client verticals
  • Be part of a supportive team that values strong communication, clear documentation, and continuous learning

Compensation & perks

  • Competitive base salary — range shared during screening
  • Remote-first with flexible hours within the ET/PT coverage window (9AM–6PM)
  • Certification reimbursement — ISO 27001 Lead Implementer, CISA, CISSP, Security+, and more
  • Direct collaboration with Bright Defense co-founders and Governance leadership
  • Broad client exposure across defense, healthcare, fintech, and SaaS verticals
  • Clear growth path toward GRC Analyst III and Senior GRC roles

Job Type: Full Time
Job Location: Remote
