Governance Risk & Compliance (GRC) Analyst
Location: Lakewood, CO Salary: $55.00 USD Hourly - $65.00 USD Hourly Description: Our client is currently seeking a Governance Risk & Compliance (GRC) Analyst Governance, Risk & Compliance (GRC) Analyst Contract-to-Hire | $130-140K Conversion Salary | Remote OK (Denver onsite preferred; relocation available upon conversion) Role Overview The GRC Analyst supports the Global Information Security Office by driving governance, risk management, and compliance initiatives across the organization. This role requires a proactive, flexible professional who can operate in a fast-changing environment, communicate effectively with leadership, and quickly take ownership of key GRC activities.
Key Responsibilities
Risk, Audit & Compliance
- Support company-wide information security risk assessments for projects, systems, and vendors.
- Assist with internal and external audits (e.g., J-SOX), evidence collection, and remediation tracking.
- Maintain compliance with ISO 27001, NIS2, GDPR, and other regulatory frameworks.
- Contribute to policy development, updates, and global rollout.
Vendor & Third-Party Risk
- Conduct vendor security assessments, review questionnaires, validate controls, and document findings.
- Escalate high-risk issues and support mitigation follow-up.
Dashboards & Reporting
- Develop and maintain dashboards, including the CISO Dashboard.
- Collect, validate, and analyze KPIs/KRIs related to compliance, risk, audits, incidents, and training.
- Present insights to leadership with clear, accurate reporting.
Security Awareness & Training
- Support security awareness initiatives, including e-learning content, phishing exercises, and internal communications.
Regulatory Monitoring
- Track global cybersecurity regulatory changes (e.g., NIS2, ICS/OT requirements, FDA expectations).
- Support gap assessments and compliance readiness.
AI Security Oversight
- Assist in evaluating risks related to AI systems and third-party AI tools.
- Support governance controls for secure AI use.
Additional Responsibilities
- Improve GRC processes, tools, and documentation.
- Support internal projects, automation efforts, and cross-functional initiatives.
- Provide coordination for security committees and working groups.
Required Qualifications
- 3-5+ years in information security, GRC, IT audit, or risk management.
- Strong communication skills; comfortable engaging with leadership.
- Experience with ISO 27001 and NIS2 (required).
- Experience conducting or supporting risk assessments and audits.
- Understanding of vendor security assessment processes.
- Ability to work independently in a dynamic environment with shifting priorities.
Preferred Skills
- Experience with GRC platforms (e.g., BitSight, Drata, OneTrust, Archer).
- Familiarity with cybersecurity domains (IAM, endpoint security, cloud, vulnerability management).
- Data analysis and dashboard/reporting experience.
- Awareness of emerging regulations (NIS2, AI governance, critical infrastructure).
- Experience working with global teams.
Education
- Bachelor's degree in Cybersecurity, Information Systems, Computer Science, or related field-or equivalent experience.
- Certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer/Auditor are a plus.
By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help. Contact: This job and many more are available through The Judge Group. Please apply with us today!