Position Overview:
The Senior GRC Analyst will serve as the dedicated Governance, Risk, and Compliance (GRC) analyst for a growing security team. You will own and mature the organization's GRC processes, from risk registers and audit support to control testing and policy development. This role is foundational in aligning security initiatives with SOC 2, HIPAA, and NIST requirements. You will work closely with the Security Manager to operationalize compliance workflows, improve scalability, and eventually build and lead a formal GRC function.
Key Responsibilities:
Governance & Policy Development:
- Draft, maintain, and evolve information security policies, standards, and procedures aligned with regulatory frameworks.
- Collaborate with technical and business teams to ensure policies are practical, up to date, and effectively implemented.
- Prepare documentation and responses for external audits and regulatory reviews (SOC 2, HIPAA, NAIC, etc.).
Risk & Control Management:
- Maintain and update the enterprise risk register; coordinate quarterly reviews with domain owners.
- Map and test controls for effectiveness across security, privacy, and operational domains.
- Track accepted risks and mitigation plans; document and report on progress.
Compliance & Audit Operations:
- Coordinate evidence collection and maintain audit readiness throughout the year.
- Assist with internal and third-party risk assessments.
- Support tabletop exercises and business continuity documentation.
Process Maturity & Metrics:
- Build repeatable workflows for compliance, policy, and risk processes, starting from manual tools and scaling toward automation.
- Define and track KPIs for audit readiness, risk mitigation, and GRC effectiveness.
- Identify and implement opportunities for continuous improvement in collaboration with other teams.
Team Development & Leadership Growth:
- Document procedures to enable future team scaling.
- Demonstrate ownership, initiative, and quality execution in all areas of GRC.
- Position yourself to grow into a leadership role as the GRC function expands.
Qualifications:
- Bachelor's degree in Cybersecurity, Information Systems, Business Administration, or equivalent experience.
- 5–7 years in security, audit, compliance, or risk roles, with experience supporting or running audits.
- Familiarity with SOC 2, HIPAA, NIST preferred.
- Excellent organizational and communication skills.
- Ability to prioritize, self-direct, and execute with minimal supervision.
- Strong process orientation and documentation habits.
- Familiarity with regulatory frameworks and risk-based thinking.
- Comfortable navigating between high-level strategy and detailed execution.
- Interest in scaling a team and evolving into a GRC leadership role
Job Type: Direct Hire.
Client Location: Cedar Park, TX. This is a hybrid role: onsite Monday through Wednesday, remote Thursday and Friday.
#TECHIND