Company hidden
21 hours ago

GRC Analyst (Cybersecurity)

Work format
hybrid
Employment type
fulltime
Grade
middle
English
b2
Country
US
Vacancy from Hirify Global, a list of international tech companies

Job description

TL;DR

GRC Analyst (Cybersecurity): Ensuring compliance with regulatory and contractual requirements and managing third-party risk, with an emphasis on cyber and compliance risk management. Focus on measuring success through KPIs/KRIs, automating metrics collection, and maturing security controls.

Location: Hybrid (Overland Park, KS; Houston, TX; Cary, NC)

Company

Employee-owned company specializing in sustainable infrastructure, engineering, procurement, consulting, and construction.

What you will do

  • Collect and automate KPIs and KRIs to measure cyber risk management effectiveness and provide data-driven insights.
  • Monitor global regulatory landscapes and ensure compliance with client contractual data security and breach reporting requirements.
  • Collaborate with D&IT peer groups to collect evidence for independent certifications and audits.
  • Develop policies and standards of practice aligned with regulatory and contractual requirements.
  • Perform third-party risk assessments and review security clauses in contracts to inform risk management.
  • Leverage GenAI to improve GRC delivery and conduct user training via SETA tools.

Requirements

  • Bachelor’s degree in Information Systems, Computer Science, or a related field.
  • 2–3 years of experience in a GRC role.
  • Must be able to complete pre-employment onboarding requirements (criminal/civil background check, drug screen).
  • Familiarity with regulatory frameworks such as NIST, ISO 27001, CMMC, or UK Cyber Essentials.
  • Proficiency in information security principles and concepts.

Nice to have

  • Professional certifications such as CRISC or CISSP.
  • Knowledge of privacy laws and experience with GRC platforms.
  • Strong stakeholder engagement and interpersonal communication skills.

Culture & Benefits

  • 100% ESOP-owned company with shared financial rewards through stock ownership.
  • Competitive compensation with a company-matched 401k plan.
  • Comprehensive health, dental, and vision insurance starting on day one.
  • Flexible work schedules, paid vacation, holiday, and sick time.
  • Tuition and adoption reimbursement programs.
