CBH

Senior GRC Analyst

full-time

Posted on:

Location Type: Remote

Location: North Carolina, Texas, United States

Salary

💰 $99,700 - $159,000 per year

About the role

  • Manage the development, maintenance, and continuous improvement of the firm’s cybersecurity governance, risk, and compliance (GRC) program
  • Maintain and operationalize security policies, standards, procedures, and control frameworks aligned to industry standards (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC 2, CMMC)
  • Perform security risk assessments, including technology, vendor, and business process risk, and document findings, risk ratings, and recommended mitigations
  • Track identified risks, exceptions, and remediation activities through a centralized risk register and support risk acceptance workflows
  • Drive and support internal and external audits, client risk assessments, and due diligence requests (e.g., SOC reports, questionnaires, client security reviews)
  • Partner with IT and Security teams to map technical controls to compliance requirements and validate control effectiveness
  • Manage and assist with third-party risk management activities, including vendor security reviews and ongoing risk monitoring
  • Contribute to incident governance activities, including post-incident reviews, risk tracking, and lessons learned documentation
  • Oversee and support compliance tooling and evidence collection (e.g., GRC platforms, audit management tools)
  • Help define metrics and reporting related to risk posture, compliance status, and control maturity for leadership
  • Stay current on relevant regulatory, legal, and cybersecurity requirements impacting the firm and communicate changes to stakeholders
  • Collaborate cross-functionally to promote security awareness, risk-informed decision making, and consistent governance practices
  • Drive and support special projects related to SOC maturity, control improvements, M&A integration, and new technology risk assessments

Requirements

  • Bachelor's degree in Information Technology, Cybersecurity, or a related field
  • Relevant certifications (e.g. CISA, CRISC, CISM, or equivalent) preferred
  • Strong understanding of cybersecurity governance, risk management, and compliance concepts
  • Working knowledge of common security and compliance frameworks (e.g., NIST CSF, NIST 800-53, ISO 27001, SOC 2, CMMC)
  • Experience performing security risk assessments and documenting risks, controls, and remediation plans
  • Ability to interpret technical security controls and map them to compliance and regulatory requirements
  • Experience supporting audits, assessments, or client security questionnaires
  • Familiarity with third-party risk management and vendor security review processes
  • Strong analytical skills with the ability to assess risk, identify gaps, and recommend practical improvements

Benefits

  • Competitive compensation
  • Annual bonus
  • Medical, dental, and vision care
  • Disability and life insurance
  • Generous Paid Time Off
  • Retirement plans
  • Paid Care Leave
  • Other programs dedicated to enhancing personal and work life

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cybersecurity governance, risk management, compliance, security risk assessments, technical controls, vendor security reviews, audit management, metrics and reporting, incident governance, risk monitoring

Soft Skills

analytical skills, communication, collaboration, risk-informed decision making, leadership

Certifications

CISA, CRISC, CISM