GRC Analyst, Operations & Risk (Cybersecurity)
Job description
TL;DR
GRC Analyst, Operations & Risk (Cybersecurity): Supporting the Governance, Risk, and Compliance program by managing intake and third-party risk activities, with an emphasis on operational workflows and risk visibility. Focus on optimizing GRC tooling, automating intake processes, and ensuring audit readiness across multiple frameworks.
Location: On-site in Boston, MA. The successful candidate must be prepared to relocate to Boston, MA if necessary.
Salary: $60,000 - $90,000
Company
A wearable technology company specializing in human performance and health tracking.
What you will do
- Manage day-to-day GRC operations, including intake, request prioritization, and ticket tracking.
- Conduct third-party risk management activities, vendor reviews, and remediation tracking.
- Perform risk assessments, document risks, and maintain risk register hygiene.
- Support compliance monitoring and audit readiness through evidence collection and control coordination.
- Analyze workflow trends to improve GRC templates, reporting, and automation.
- Coordinate security awareness training and track completion across the organization.
Requirements
- 2+ years of experience in GRC, third-party risk management, or IT audit.
- Experience with security frameworks like SOC 2, ISO 27001, NIST CSF, GDPR, or PCI.
- Strong operational discipline and ability to drive cross-functional work to closure.
- Bachelor’s degree in Information Security, Computer Science, or a related field.
- Must be based in or be able to relocate to Boston, MA.
Nice to have
- Certifications such as Security+, CISA, CRISC, CISM, CISSP, or ISO 27001.
- Experience with GRC platforms and operational reporting systems.
Culture & Benefits
- Competitive base salary and generous equity package.
- Inclusive environment that values character as much as experience.
- Commitment to leveraging AI tools for increased efficiency.
- Total compensation approach aligning employees with long-term company growth.