GRC Analyst

About the Role:

The GRC Analyst supports the organization’s cybersecurity, risk management, and regulatory compliance programs, playing a key role in strengthening security posture and maintaining continuous audit readiness. This role is responsible for assisting with enterprise risk assessments, control testing, evidence collection, and the development and maintenance of compliance documentation aligned to frameworks such as SOC 2, NIST, and other applicable regulatory or contractual requirements. The GRC Analyst partners closely with IT, Security, Legal, and business teams to coordinate audit activities, track remediation efforts, and ensure security and compliance requirements are implemented in a practical, scalable manner across the organization.

The ideal candidate is detail-oriented, highly organized, and process-driven, with the ability to analyze complex technical and regulatory requirements and translate them into clear, actionable guidance for both technical and non-technical stakeholders. This role offers hands-on exposure to enterprise security governance, audit programs, and cross-functional collaboration, making it an excellent opportunity for someone looking to grow within the cybersecurity and risk management field.

Day to Day: 

Compliance & Risk Management

• Conduct regular security audits and risk assessments to identify vulnerabilities and areas for improvement.
• Monitor and assess compliance with internal security policies and external regulatory requirements.
• Recommend and track appropriate security controls and mitigation strategies.
• Maintain detailed records of compliance activities, including assessments, corrective actions, and audit results.
• Prepare compliance documentation and reports for internal leadership and external auditors.

Program & Policy Development

• Maintain and support the Simpluris cybersecurity compliance program.
• Regularly update policies, procedures, standards, and documentation to align with evolving regulatory and contractual requirements.
• Develop and maintain templates, tools, and resources to support compliance and audit readiness.
• Utilize compliance and GRC tools (i.e., Drata, Vanta, or similar platforms) to track controls, evidence, risks, and remediation efforts.
• Support third-party risk assessments, vendor questionnaires, and ongoing vendor compliance monitoring.

Collaboration & Communication

• Serve as the primary point of contact between Corporate, Technology, and Operational teams.
• Collaborate with IT, legal, and business units to address compliance challenges.
• Communicate complex technical and regulatory requirements in a clear, accessible manner to diverse audiences.
• Develop and deliver training and awareness sessions

Audit, Monitoring & Incident Support

• Conduct or support internal security audits and compliance reviews.
• Stay current with industry standards, federal regulations, and cybersecurity best practices.
• Support incident response activities, investigations, and post-incident documentation as needed.
• Collect, validate, and maintain audit evidence to support regulatory and customer audits.
• Assist with control testing, gap analysis, and remediation tracking.

What you bring to the table: 

• Bachelor’s degree in information technology, Cybersecurity, Computer Science, Information Security, or a related field.
• 1–3 years of experience in IT security, compliance, risk management, or a related role.
• Experience with compliance and GRC tools (Drata or Vanta).
• Familiarity with cybersecurity and frameworks, including:
• NIST 800-53 R5 (CMMC is a plus)
• Type 2 SOC 2
• HIPAA, PCI-DSS, or GDPR.
• Strong understanding of information security principles and best practices.

Bonus Points: 

• 5+ years of experience in security compliance, risk management, or a related field.
• Bachelor’s degree in information technology, Cybersecurity, Computer Science, Information Security, or a related field.
• Experience working in legal, financial, or other highly regulated environments.
• Experience conducting formal risk assessments and managing compliance programs.
• Experience maintaining and developing security policies, standards, and procedures.
• Professional certifications such as CISSP, CISM, CISA, CompTIA Security+, or CMMC-related certifications.

Point Wild is committed to offering a generous package to support our employees in all aspects of their life in and out of work. Our packages offer competitive pay, generous health and wellness benefits, retirement savings plans, parental leave and much more! Pay range for this position is $80,000 - $95,000 but may vary depending on job-related knowledge, skills, experience and location.

#LI-REMOTE