Cybersecurity GRC Analyst

About the role

We are seeking a Cybersecurity GRC Analyst to develop, implement, and maintain our cybersecurity governance, risk, and compliance program. You will work closely with cross‑functional teams to embed security controls into business processes and ensure alignment with industry standards.

Key responsibilities

• Develop, implement, and maintain cybersecurity policies, standards, and procedures aligned with frameworks such as NIST CSF, ISO 27001, CIS Controls, SOC 2, and regulatory requirements.
• Conduct risk assessments, security control evaluations, and gap analyses to identify and mitigate risks.
• Support internal and external audits, providing evidence and ensuring compliance.
• Manage third‑party risk assessments and vendor security evaluations.
• Track, monitor, and report on cybersecurity risks, controls, and compliance metrics.
• Maintain risk registers, compliance documentation, and audit evidence repositories.
• Provide cybersecurity awareness training and guidance to employees.
• Oversee DLP strategy, fine‑tuning Zscaler policies for endpoint, network, and cloud environments.
• Stay current with evolving threats, regulatory changes, and best practices.

Required profile

• Bachelor’s degree in Computer Science, Information Systems, or a related field.
• 3+ years of experience in cybersecurity governance, risk, and compliance.
• Strong knowledge of security and risk management frameworks (NIST CSF, ISO 27001, CIS Controls, SOC 2, NIST 800‑53, FAIR).
• Excellent oral and written communication skills, with the ability to present to senior management.
• Proven ability to work both independently and collaboratively.

Required skills

• NIST Cybersecurity Framework (CSF)
• ISO 27001
• CIS Critical Security Controls
• SOC 2
• NIST 800‑53
• FAIR risk analysis
• Zscaler DLP policies