GRC Analyst (Cybersecurity)

TL;DR

GRC Analyst (Cybersecurity): Managing vendor risk assessments and security compliance tasks to support the clean energy transition with an accent on third-party risk and audit processes. Focus on completing security questionnaires, reviewing contracts for privacy, and improving the overall governance and security posture.

Location: Must be based in the US

Salary: $84,000 – $100,000 + Bonus

Company

hirify.global creates software to manage energy resources in homes and businesses to accelerate the transition to clean energy.

What you will do

• Manage 3rd party and vendor risk management assessments.
• Complete Request for Proposals (RFPs) and security questionnaires to assist sales and operations.
• Review contracts from a security and privacy perspective and manage tabletop testing.
• Participate in GRC processes, including risk assessment, policy management, and audits.
• Support security event monitoring, response, and the development of incident playbooks.
• Implement privacy operations practices to ensure the company meets its legal obligations.

Requirements

• 1-3 years of experience in a GRC or security position.
• Experience with 3rd party/vendor risk management processes.
• Experience working with sales teams to complete RFPs and security questionnaires.
• Understanding of GRC processes, policy management, risk assessment, and IT audit.
• Exposure to public cloud security concepts (AWS, Azure, or GCP).
• Exceptional verbal and written communication skills.

Nice to have

• GRC or Privacy certifications (e.g., CISA, CIPP).

Culture & Benefits

• Certified B Corporation committed to social and environmental responsibility.
• Comprehensive benefits package including flexible time off and generous parental leave.
• Wellness stipend and work flexibility.
• Inclusive workplace with Employee Resource Groups.
• Ample advancement opportunities and robust learning and development programs.