ePlus inc.
Senior IT Governance, Risk, and Compliance (GRC) Analyst
ePlus inc., Herndon, Virginia, United States, 22070
Overview
As a Senior IT GRC (Governance, Risk, and Compliance) Analyst, you’ll play a strategic role in shaping and maintaining the integrity of our IT risk and compliance landscape. You will lead the ongoing development and execution of the ITS GRC program, covering key areas such as IT General Controls (ITGC), audits, IT service management, risk assessments, data privacy, disaster recovery, and vendor risk management. In this role, you’ll be a trusted advisor across the organization, driving best practices, identifying vulnerabilities, and ensuring our compliance posture remains strong and resilient. You’ll work with internal and external auditors to facilitate SOX 404 testing, coordinate remediation efforts, and provide enterprise-wide guidance, documentation, and project leadership to support the ePlus IT GRC framework.
YOUR IMPACT
The essential functions of this position include:
Audit Management
Lead and coordinate ITGC/SOX 404 audits with internal and external audit teams.
Manage special audit projects and ensure timely tracking and remediation of findings.
Vendor & Third-Party Risk
Oversee vendor risk management for critical business services.
Request and evaluate SOC reports; flag and escalate high-risk vendors to application owners and leadership.
Maintain and update the vendor repository and associated dashboards.
Policy & Compliance
Develop, implement, and manage GRC-related policies and procedures.
Ensure company-wide compliance with relevant regulations and standards.
General IT Controls
Lead coordination, testing, evidence collection, and continuous improvement efforts for:
User Access Reviews (UAR)
ITGC documentation and procedures
SOX 404 reviews and testing
SSAE 18 SOC internal and external reviews
Compliance certifications (e.g., CMMC DFARS, ISO 9001)
Risk Management
Support the ongoing development and execution of the IT Risk Assessment program.
Identify, assess, and monitor risks across the IT landscape.
Disaster Recovery Program
Lead the development and execution of disaster recovery (DR) testing and documentation.
Apply best practices from frameworks such as DRI International and stay current with industry trends.
Qualifications
Education: Bachelor’s degree in a related field (e.g., Information Systems, Computer Science, Business) or equivalent professional experience.
Experience: Minimum of 5 years of hands-on experience in GRC Analysis, SOX 404 Audits, Vendor Risk Management, and IT General Controls within a mid-to-large sized organization. Experience in a publicly held company and collaborating with IT auditors is strongly preferred.
Risk & Compliance Expertise: Proven experience in vendor risk management and third-party risk assessment. Familiarity with PCI/DSS, HIPAA, SOC 1/2, CMMC, and ISO 9001 is desirable.
Technical Knowledge: Strong understanding of GRC principles, IT risk and controls, and IT audit methodologies.
Tools & Systems: Experience with incident management and IT service management platforms (e.g., ServiceNow) is a plus.
Collaboration & Communication: Ability to work cross-functionally across departments with excellent written and verbal communication skills.
Time Management & Organizational Skills: Ability to manage multiple priorities effectively, with strong attention to detail.
Customer Focus: Demonstrated customer-first mindset with a results-driven approach.
Technology Proficiency: Skilled in Microsoft Office Suite and related tools; familiarity with ServiceNow and Visio is a plus.
Certifications: CRISC, CISA, CISM, COBIT, COSO, ITIL, or other relevant certifications are a plus.
Position Specifics
The initial base salary range for this position is expected to be between $80,000 and $105,000 annually. The final base salary offered will be determined by multiple factors, including job-related knowledge, depth of experience, skills, certifications, and geographic location. In addition to base salary, compensation may include other components such as commissions and discretionary bonuses.
ePlus offers a full range of medical, financial, and/or other benefits (including 401(k) eligibility, an employee stock purchase program, and various paid time off benefits). Details of participation in these benefit plans will be provided if an offer is extended.
If hired, the employee will be in an at-will position, and the Company reserves the right to modify base salary and other compensation programs at any time, including for reasons related to performance and market factors.
Notice to Recruiting Agencies:
ePlus only accepts unsolicited resumes when presented directly by a candidate. Unsolicited resumes submitted to ePlus from any other source will be considered ePlus property and will not qualify for any placement or referral fees.
This job description serves as a guide and is not an employment contract. ePlus is an equal opportunity employer and does not discriminate based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, citizenship, disability, veteran status, or any other classification protected by law.