
GRC Analyst II
CGWS - COME GROW WITH US
full-time
Location Type: Hybrid
Location: Utah • 🇺🇸 United States
Job Level
Junior, Mid-Level
Tech Stack
AWS, Cloud, ServiceNow
About the role
- Collaborate with internal stakeholder teams (e.g., Engineering, IT, Product, Legal, HR) to document the implementation of security compliance controls across technical, management, and operational requirements.
- Support and perform gap analyses of current policies, procedures, and practices against established guidelines and frameworks, including NIST, FISMA, HIPAA, and other applicable regulatory standards.
- Assist with and conduct risk assessments of technology infrastructure, business processes, and security controls for assigned areas, documenting findings and recommended remediation steps.
- Embrace AI as a core tool to enhance GRC accuracy, efficiency, and proactive risk management, while following internal standards for responsible AI use.
- Use AI-powered platforms, under guidance from senior team members, for continuous controls monitoring, predictive risk analysis, and identification of potential compliance gaps.
- Improve team efficiency in evidence collection, organization, and analysis - leveraging AI and automation where appropriate - so the GRC function can focus more time on higher-value risk and compliance activities.
- Contribute to the build-out, maintenance, and ongoing refinement of the enterprise controls matrix, ensuring alignment and mapping across multiple compliance frameworks (e.g., SOC 1, SOC 2, PCI DSS, NIST CSF, ISO 27001, ISO 27018, ISO 42001, HITRUST, HIPAA).
- Assist in developing, updating, and maintaining security and compliance documentation, which may include the key documents required by the above standards.
- Support the delivery, tracking, and ongoing improvement of information security training and awareness programs for employees and contractors.
- Perform vendor security and risk assessments for new and existing vendors, document results, and occasionally interface directly with vendor contacts to clarify responses or request additional information.
- Assist with tracking and coordinating activities related to threat and vulnerability management, including monitoring assessment results, following up on remediation efforts, and helping to ensure that vulnerabilities are addressed within defined timeframes.
Requirements
- Bachelor's degree in Computer Science, Information Technology, or related field
- Minimum of 2 years of experience in compliance, audit, and/or information security
- CISSP, CISA, CCSA, or equivalent certification preferred
- Familiarity with enterprise-level compliance tools such as Drata, Vanta, ServiceNow, Archer, IBM GRC or other industry equivalent software
- Foundational understanding and eagerness to learn NIST CSF, NIST RMF, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HIPAA and HITRUST
- Basic understanding of cloud-based environments for production applications, including Amazon Web Services, Google Cloud, or other large-scale cloud deployments
- Experience in the vulnerability assessment lifecycle from the point of identification to remediation
- Interpersonal skills to work as a team member and as a liaison
- Excellent verbal communication, presentation, organizational and planning skills, and great attitude and ability to learn new things quickly
Benefits
- Great Company Culture that has been recognized by multiple organizations like Inc and Salt Lake Tribune
- Comprehensive health, life, and disability insurance
- Generous leave policies that include 4 weeks of vacation, 12 company holidays, parental leave, and volunteer time off so you can enjoy quality of life
- 401k plans with up to 6% company match
- $2000 Paid-Paid Vacation bonus
- EAP through Headspace
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
security compliance controls, gap analysis, risk assessments, evidence collection, controls monitoring, predictive risk analysis, vulnerability assessment, remediation, cloud environments, information security training
Soft skills
interpersonal skills, team collaboration, verbal communication, presentation skills, organizational skills, planning skills, adaptability, learning agility
Certifications
CISSP, CISA, CCSA