
GRC Analyst

Job in Boston, Suffolk County, Massachusetts, 02298, USA
Listing for: Point Wild
Full Time position
Listed on 2026-03-04
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Salary/Wage Range or Industry Benchmark: 80000 - 100000 USD Yearly
Job Description & How to Apply Below

Point Wild helps customers monitor, manage, and protect against the risks associated with their identities and personal information in a digital world. Backed by Wndr Co, Warburg Pincus and General Catalyst, Point Wild is dedicated to creating the world’s most comprehensive portfolio of industry‑leading cybersecurity solutions. Our vision is to become THE go-to resource for every cyber protection need individuals may face - today and in the future.

Join us for the ride!

About the Role

The GRC Analyst supports the organization's cybersecurity, risk management, and regulatory compliance programs, playing a key role in strengthening security posture and maintaining continuous audit readiness. This role is responsible for assisting with enterprise risk assessments, control testing, evidence collection, and the development and maintenance of compliance documentation aligned to frameworks such as SOC 2, NIST, and other applicable regulatory or contractual requirements.

The GRC Analyst partners closely with IT, Security, Legal, and business teams to coordinate audit activities, track remediation efforts, and ensure security and compliance requirements are implemented in a practical, scalable manner across the organization.

The ideal candidate is detail‑oriented, highly organized, and process‑driven, with the ability to analyze complex technical and regulatory requirements and translate them into clear, actionable guidance for both technical and non‑technical stakeholders. This role offers hands‑on exposure to enterprise security governance, audit programs, and cross‑functional collaboration, making it an excellent opportunity for someone looking to grow within the cybersecurity and risk management field.

Day to Day

Compliance & Risk Management
  • Conduct regular security audits and risk assessments to identify vulnerabilities and areas for improvement.
  • Monitor and assess compliance with internal security policies and external regulatory requirements.
  • Recommend and track appropriate security controls and mitigation strategies.
  • Maintain detailed records of compliance activities, including assessments, corrective actions, and audit results.
  • Prepare compliance documentation and reports for internal leadership and external auditors.
Program & Policy Development
  • Maintain and support the Simpluris cybersecurity compliance program.
  • Regularly update policies, procedures, standards, and documentation to align with evolving regulatory and contractual requirements.
  • Develop and maintain templates, tools, and resources to support compliance and audit readiness.
  • Utilize compliance and GRC tools (e.g., Drata, Vanta, or similar platforms) to track controls, evidence, risks, and remediation efforts.
  • Support third‑party risk assessments, vendor questionnaires, and ongoing vendor compliance monitoring.
Collaboration & Communication
  • Serve as the primary point of contact between Corporate, Technology, and Operational teams.
  • Collaborate with IT, legal, and business units to address compliance challenges.
  • Communicate complex technical and regulatory requirements in a clear, accessible manner to diverse audiences.
  • Develop and deliver training and awareness sessions.
Audit, Monitoring & Incident Support
  • Conduct or support internal security audits and compliance reviews.
  • Stay current with industry standards, federal regulations, and cybersecurity best practices.
  • Support incident response activities, investigations, and post‑incident documentation as needed.
  • Collect, validate, and maintain audit evidence to support regulatory and customer audits.
  • Assist with control testing, gap analysis, and remediation tracking.
What you bring to the table
  • Bachelor's degree in Information Technology, Cybersecurity, Computer Science, Information Security, or a related field.
  • 1–3 years of experience in IT security, compliance, risk management, or a related role.
  • Experience with compliance and GRC tools (Drata or Vanta).
  • Familiarity with cybersecurity and frameworks, including:
    • NIST 800‑53 R5 (CMMC is a plus)
    • Type 2 SOC 2
    • HIPAA, PCI‑DSS, or GDPR.
  • Strong understanding of information security principles and best practices.
Bonus Points
  • 5+ years of experience in security compliance,…