Governance, Risk Compliance; GRC Analyst

Washington, DC Remote Full-Time

As a GRC Analyst, you will help organizations navigate the complex landscape of cybersecurity compliance and risk management. You will work directly with clients to assess their security posture, develop policies, and guide them through compliance frameworks including HIPAA, SOC 2, NIST, and more.

• • Conduct security assessments and gap analyses against compliance frameworks
• • Develop and maintain security policies, procedures, and documentation
• • Support clients through SOC 2, HIPAA, and other compliance audits
• • Perform risk assessments and develop risk treatment plans
• • Create and deliver compliance reports and executive summaries
• • Assist with vendor security questionnaire responses
• • Stay current on regulatory changes and industry best practices
• • Collaborate with technical teams to implement security controls

• ✓ 2+ years of experience in GRC, compliance, or information security
• ✓ Strong knowledge of compliance frameworks (SOC 2, HIPAA, NIST CSF, ISO 27001)
• ✓ Experience conducting security assessments and audits
• ✓ Excellent documentation and technical writing skills
• ✓ Strong understanding of security controls and risk management principles
• ✓ Ability to communicate complex concepts to non-technical stakeholders
• ✓ Detail-oriented with strong organizational skills
• ✓ Bachelor's degree in Cybersecurity, Information Systems, or related field

• + GRC certifications (CISA, CRISC, CGRC, or equivalent)
• + Experience with GRC platforms (Service Now, One Trust, Control Map)
• + Healthcare or financial services industry experience
• + Knowledge of cloud compliance (FedRAMP, SOC 2 for SaaS)
• + Experience with privacy regulations (GDPR, CCPA)

• ★ Fully remote work environment
• ★ Competitive salary and performance bonuses
• ★ Health, dental, and vision insurance
• ★ Professional development and certification support
• ★ Mentorship from industry-leading security experts