
Senior GRC Analyst

Job in Chicago, Cook County, Illinois, 60290, USA
Listing for: Sargent & Lundy
Full Time position
Listed on 2026-01-13
Job specializations:
  • IT/Tech
    Cybersecurity, Data Security, Information Security
Salary/Wage Range or Industry Benchmark: 150,000 - 200,000 USD yearly
Job Description & How to Apply Below


Sargent & Lundy is a leading consulting engineering firm specializing in the power and energy sectors. Since 1891, we have provided comprehensive engineering, design, and consulting services for both traditional and renewable power generation, grid modernization, nuclear power, and beyond. Our mission is to help clients achieve their energy goals effectively by leveraging advanced technologies and adopting sustainable practices.

Role Overview

Sargent & Lundy is seeking a proactive, data-driven, and detail-oriented Senior GRC Analyst to lead key pillars of Governance, Risk, and Compliance (GRC) with a primary emphasis on enterprise Information Security, TPRM, contract governance, and cross-functional coordination with Legal and Procurement. You will own cyber training, communications, and phishing simulations, and drive measurable outcomes through strong data analysis and dashboard reporting (KPIs/KRIs).

You will support audit readiness and regulatory alignment across frameworks such as ISO 27001, SOC 2, the NIST Cybersecurity Framework (CSF), NIST SP 800-171, and CMMC. You will also guide privacy-aligned practices (e.g., GDPR) and lead effective policy implementation through clear procedures, controls, and adoption plans.

Essential Responsibilities
  • Lead and mature the Third-Party Risk Management (TPRM) program: develop & manage vendor inventory, conduct risk reviews of third-party vendors, define tiering/scoping, evaluate controls, track obligations/findings through closure, and standardize evidence retention in collaboration with Legal and Procurement.
  • Drive strong contract management with Legal and Procurement: standardize security and privacy clauses, review S&L client contracts, negotiate requirements, and ensure obligations are tracked, owned, and reported.
  • Own the security awareness & training program end-to-end: develop curriculum, coordinate communications, execute phishing simulations, analyze outcomes, and improve effectiveness using KPI/KRI dashboards and trend reporting.
  • Administer and optimize GRC platforms and workflows (e.g., Hyperproof) to maintain visibility into risks, assessments, findings, and audit deliverables; establish SLAs and performance indicators.
  • Develop the risk management and risk assessment practice: conduct risk assessments, and develop and maintain a risk register with clear tracking of each risk, its treatment, and its accountable owner.
  • Advance security governance by drafting, maintaining, and operationalizing policies, standards, procedures, and roles & responsibilities; lead change management and communications to ensure policy implementation and adoption.
  • Coordinate evidence and execute control readiness for ISO 27001, SOC 2, NIST CSF, NIST SP 800-171, and CMMC (gap analysis, control testing, Plans of Action and Milestones (POA&Ms)), and support automation that reduces evidence-collection workload.
  • Support privacy-aligned practices (e.g., GDPR): contribute to data classification/handling standards, data mapping/records of processing, privacy-by-design reviews, incident/breach alignment, and retention practices.
  • Oversee governance for Business Continuity, Disaster Recovery, and Backup & Recovery in partnership with IT (plan maintenance, exercises, lessons learned, reporting).
  • Lead cross-functional coordination with IT, HR, Finance, Legal, and business teams to embed compliance into operations and accelerate remediation of findings.
  • Manage security tasks/projects and report progress via standardized dashboards, scorecards, and executive-ready narratives, highlighting risk, performance, and trends.
  • Define, publish, and automate metrics & management reporting (KPIs/KRIs) for training effectiveness, phishing trends, vendor risk, audit readiness, privacy/policy adoption, and control performance.
  • Continuously upgrade your own information security skills and contribute to the Information Security team's skill development through playbooks, enablement sessions, and knowledge-sharing.
  • Support government contract compliance reviews and tracking, ensuring obligations are documented, monitored, and evidenced.
Core Areas of Responsibility (Scope)
  • Information Security Governance, Policies, Standards, Procedures, and Roles & Responsibilities.
  • Risk Management – Information security risk…
Position Requirements
10+ Years work experience