GRC Analyst (Cybersecurity)

TL;DR

GRC Analyst (Cybersecurity): Supporting the transformation from a single-tenant to a secure, compliant, multi-tenant platform with an accent on SOX compliance, RBAC definition, and access governance. Focus on designing a formal governance framework for the role lifecycle and remediating compliance gaps.

Location: Hybrid in Guadalajara, Mexico

Company

hirify.global is a global digital transformation and IT services provider helping enterprises accelerate their modernization journeys.

What you will do

• Lead the evolution of access control from single-tenant to multi-tenant architecture to ensure security by design.
• Drive remediation of SOX compliance gaps specifically related to access control and role governance.
• Analyze and rationalize 200+ existing roles to design and maintain a centralized Role Catalog.
• Design and implement a formal governance framework covering the full role lifecycle (creation, modification, review, and deprecation).
• Partner with engineering and product teams to embed compliant access controls into system and process designs.
• Support internal and external audits, including SOX audits, evidence collection, and control testing.

Requirements

• 3–5 years of experience in Information Security, GRC, or IAM roles.
• Strong hands-on experience with Identity and Access Management (IAM) and Role-Based Access Control (RBAC).
• Demonstrated experience supporting SOX compliance, audit readiness, and control remediation.
• Experience analyzing and documenting access models and entitlements across complex platforms.
• Proven ability to collaborate cross-functionally with Engineering, Product, and Security teams.
• Strong analytical skills to identify root causes and drive remediation plans.