Soni Resources
Job Title: Senior GRC Analyst
Location: Hybrid role - King of Prussia, PA or Denver, PA; minimum of 3 days on site (Tuesday, Wednesday and Thursday).
Department: Information Security / Compliance / Risk Management
Reports To: Global Cybersecurity GRC Manager
Job Summary
The Senior GRC Analyst plays a key role in ensuring our client operates within regulatory, legal, and compliance obligations while effectively managing cybersecurity risk. Reporting to the Global Cybersecurity Governance, Risk, and Compliance Manager, this role collaborates with cross-functional teams to design, implement, and maintain governance, risk, and compliance (GRC) processes.
The ideal candidate is detail-oriented, analytical, and experienced in regulatory compliance, risk frameworks, and governance best practices. They will also drive continuous improvement across governance and compliance programs.
Key Responsibilities
Governance
Develop and maintain corporate policies, standards, and frameworks to align with industry best practices (e.g., NIST CSF, SOX, PCI).
Assist in documenting and maintaining GRC processes and procedures.
Conduct assessments (peer reviews, audits, etc.) to ensure IT functions comply with company standards.
Track and report on key risk indicators (KRIs) and security metrics.
Risk Management
Assist with gap assessments to identify threats, vulnerabilities, and business impacts.
Maintain the enterprise risk register, ensuring risks are documented, prioritized, and mitigated.
Perform vendor risk assessments and ongoing monitoring of third-party engagements.
Document risk acceptance decisions and compensating controls.
Develop and maintain standardized risk documentation templates.
Evaluate cybersecurity risks for incoming projects and M&A due diligence.
Compliance
Ensure compliance with applicable regulations (GDPR, HIPAA, SOX, PCI-DSS) and internal policies.
Maintain compliance frameworks and align policies/standards with evolving regulatory requirements.
Monitor compliance exceptions and provide reporting metrics to leadership.
Stakeholder Engagement
Collaborate with business units to understand and support critical processes.
Educate stakeholders on risk management concepts and compliance requirements.
Partner with technical teams to validate remediation and mitigation plans.
Present risk findings to governance committees and senior stakeholders.
Track outcomes and metrics for vendor-related breaches and governance programs.
Coordinate regular review and updates of policies and standards with stakeholders.
Collaboration & Reporting
Partner with IT, Legal, HR, and other departments to ensure alignment on GRC efforts.
Develop and deliver regular risk and compliance reporting to senior leadership and boards.
Act as a subject matter expert (SME) for GRC-related initiatives and queries.
Qualifications
Education & Experience
Bachelor's degree in Information Security, Risk Management, Computer Science, or related field required.
4-6 years of experience in GRC, risk management, or compliance.
Skills & Competencies
Strong knowledge of GRC tools (e.g., RSA Archer, ServiceNow GRC).
Familiarity with risk management frameworks (COBIT, FAIR) and compliance standards.
Advanced analytical, problem-solving, and organizational skills.
Excellent verbal and written communication skills with the ability to influence at all levels.
Relevant certifications (CRISC, CISM, CISA, CISSP) highly preferred.
Key Attributes
Strong attention to detail with ability to manage multiple priorities.
Proactive mindset with focus on continuous improvement.
Collaborative team player with strong stakeholder engagement skills.