GRC Analyst

Summary: We are looking for a highly skilled and detail-oriented professional to fill a dual role as a GRC Analyst with a focus on Vulnerability Management and Governance, Risk, and Compliance (GRC). This position involves overseeing the entire lifecycle of vulnerability management while simultaneously supporting GRC initiatives across the organization. The ideal candidate will be experienced in vulnerability scanning, risk assessment, threat intelligence, and compliance frameworks such as NIST, GDPR, and ISO 27001. Strong communication and organizational skills are essential for preparing reports, conducting client reviews, and ensuring the timely closure of vulnerabilities and risk-related tasks.

Key Responsibilities:

Vulnerability Management:

• Manage the end-to-end vulnerability management process, including identification, assessment, and remediation.
• Collaborate with cross-functional teams to ensure timely identification and resolution of vulnerabilities.
• Conduct regular vulnerability scans, analyze results, and document findings for further action.
• Generate detailed reports on vulnerability status, severity, risks, and recommendations.
• Prioritize vulnerabilities based on potential impact and ensure critical issues are addressed first.
• Prepare and present vulnerability management reports and status updates to stakeholders, including clients and senior leadership.
• Track and follow up on remediation efforts to ensure vulnerabilities are resolved within established timelines.

Governance, Risk, and Compliance (GRC):

• Assist in the implementation and maintenance of compliance frameworks such as NIST, GDPR, SOC2, and ISO 27001.
• Ensure the organization adheres to industry best practices for risk management and regulatory compliance.
• Work with clients to create customized vulnerability and risk management reports, ensuring specific requirements are met.
• Analyze security tools to ensure their alignment with security requirements and compliance standards.
• Conduct user access audits and address any discrepancies with security policies and configurations.
• Analyze and follow up on penetration testing results, ensuring vulnerabilities are remediated in a timely manner.
• Identify non-compliance issues and recommend improvements to security and compliance processes.
• Provide support for GRC-related initiatives, including risk assessments, audits, and regulatory compliance reviews.

Collaboration and Communication:

• Work closely with legal, compliance, and IT teams to align vulnerability management with regulatory and legal requirements.
• Present vulnerability management findings, remediation plans, and progress updates in meetings with stakeholders.
• Respond to ad-hoc requests from internal teams and clients, addressing specific security, risk, or compliance needs.

Skills & Experience:

• 4–5 years of experience in both vulnerability management and GRC.
• Proficiency with vulnerability management tools such as Qualys, Nessus, and Rapid7.
• Familiarity with compliance frameworks like NIST, GDPR, and ISO 27001.
• Strong analytical, communication, and reporting skills.
• Ability to manage multiple projects and meet deadlines.
• Relevant certifications (e.g., ISO 27001 LA/LI) are a plus.