Gravity IT Resources

Lead GRC Analyst

Gravity IT Resources, Irving

Job Title: Lead GRC Analyst

Type: FTE

Location: Irving, TX (4 days on-site, 1 day remote)

Summary:

The Lead GRC Analyst will play a pivotal role in strengthening enterprise-wide governance, risk, and compliance operations across our client’s three business units: homebuilding, mortgage, and title. This role focuses on policy management, third-party risk assessments, IT audits, and vulnerability scanning. The ideal candidate will bring deep technical expertise, a strategic mindset, and the ability to work cross-functionally with diverse stakeholders to uphold cybersecurity and regulatory standards.

Key Responsibilities:

  • Manage and maintain IT and security policies in alignment with regulatory frameworks
  • Conduct comprehensive risk assessments and internal IT audits across business units
  • Lead Third-Party Risk Management (TPRM) efforts using tools such as OneTrust and SecurityScorecard
  • Document and track vendor onboarding activities, including risk evaluations and remediation plans
  • Analyze complex data sets using Excel (filters, pivot tables) to support decision-making and reporting
  • Interface with internal stakeholders to identify, communicate, and remediate compliance issues
  • Perform vulnerability scans and shift-left scanning to proactively identify risks
  • Collaborate cross-functionally with teams across homebuilding, mortgage, and title divisions
  • Support infrastructure security across both on-prem and cloud environments (AWS, Azure, GCP)
  • Apply NIST 800-171 and NIST 800-53 standards to secure sensitive and federal information systems
  • Provide guidance on operating systems including Windows and Linux (RHEL, Ubuntu, Debian, CentOS)
  • Contribute to GRC program enhancements and support audit readiness initiatives

Qualifications & Experience:

  • Bachelor’s degree in Information Technology, Information Security, or a related field
  • Strong experience in Governance, Risk, and Compliance (GRC)
  • Strong experience in cybersecurity risk assessment and vendor onboarding
  • Strong experience conducting internal or IT audits
  • Strong policy management experience and familiarity with regulatory frameworks
  • Proficiency in Excel for data analysis and reporting
  • Experience with NIST 800-171 (primary) and NIST 800-53 standards
  • Solid understanding of operating systems and infrastructure (Windows, Linux, Unix)
  • Exposure to cloud platforms including AWS, Azure, and GCP
  • Experience using Rapid7 for vulnerability scanning and risk analysis
  • Strong communication and stakeholder engagement skills
  • Ability to work independently and collaboratively across technical and business teams

Preferred Skills & Certifications:

  • Experience with GRC tools such as Archer, ServiceNow GRC, and AuditBoard
  • Familiarity with PCI DSS standards and secure data handling practices
  • ITIL Certification or other relevant security/GRC certifications
  • Exposure to project management tools (Jira, Confluence, Azure DevOps)
  • Experience conducting modality or mobility curve assessments
  • Background in systems administration or infrastructure security