Gravity IT Resources

Lead GRC Analyst

Gravity IT Resources, Irving, Texas, United States, 75061

Job Title: Lead GRC Analyst

Type: FTE

Location: Irving, TX (4 days on-site, 1 day remote)

Summary:

The Lead GRC Analyst will play a pivotal role in strengthening enterprise-wide governance, risk, and compliance operations across our client’s three business units: homebuilding, mortgage, and title. This role focuses on policy management, third-party risk assessments, IT audits, and vulnerability scanning. The ideal candidate will bring deep technical expertise, a strategic mindset, and the ability to work cross-functionally with diverse stakeholders to uphold cybersecurity and regulatory standards.

Key Responsibilities:

- Manage and maintain IT and security policies in alignment with regulatory frameworks
- Conduct comprehensive risk assessments and internal IT audits across business units
- Lead Third Party Risk Management (TPRM) efforts using tools such as OneTrust and SecurityScorecard
- Document and track vendor onboarding activities, including risk evaluations and remediation plans
- Analyze complex data sets using Excel (filters, pivot tables) to support decision-making and reporting
- Interface with internal stakeholders to identify, communicate, and remediate compliance issues
- Perform vulnerability scans and shift-left scanning to proactively identify risks
- Collaborate cross-functionally with teams across homebuilding, mortgage, and title divisions
- Support infrastructure security across both on-prem and cloud environments (AWS, Azure, GCP)
- Apply NIST 800-171 and NIST 800-53 standards to secure sensitive and federal information systems
- Provide guidance on operating systems including Windows and Linux (RHEL, Ubuntu, Debian, CentOS)
- Contribute to GRC program enhancements and support audit readiness initiatives

Qualifications & Experience:

- Bachelor’s degree in Information Technology, Information Security, or related field
- Strong experience in Governance, Risk, and Compliance (GRC)
- Strong experience in cybersecurity risk assessment and vendor onboarding
- Strong experience conducting internal or IT audits
- Strong policy management experience and familiarity with regulatory frameworks
- Proficiency in Excel for data analysis and reporting
- Experience with NIST 800-171 (primary) and NIST 800-53 standards
- Solid understanding of operating systems and infrastructure (Windows, Linux, Unix)
- Exposure to cloud platforms including AWS, Azure, and GCP
- Experience using Rapid7 for vulnerability scanning and risk analysis
- Strong communication and stakeholder engagement skills
- Ability to work independently and collaboratively across technical and business teams

Preferred Skills & Certifications:

- Experience with GRC tools such as Archer, ServiceNow GRC, AuditBoard
- Familiarity with PCI DSS standards and secure data handling practices
- ITIL Certification or other relevant security/GRC certifications
- Exposure to project management tools (Jira, Confluence, Azure DevOps)
- Experience conducting modality or mobility curve assessments
- Background in systems administration or infrastructure security