ACRISURE

Lead Governance, Risk, and Compliance Analyst

ACRISURE, New York, New York, US, 10261

Job Summary

We are seeking a highly experienced and motivated Senior GRC Analyst to join our dynamic team. The ideal candidate will have between 10 and 25 years of experience in responding to client/prospect compliance questionnaires and cybersecurity assessments, performing internal risk assessments, maintaining awareness of existing and proposed cybersecurity regulations, and hands-on experience with audit, governance, risk, and compliance (GRC) frameworks. This individual will work across multiple departments to ensure security solutions protect both internal and third-party (vendor) systems and customer data. You will play a critical role in ensuring that security practices are aligned with compliance requirements while driving technical solutions for secure systems and data protection across the entire organization. Join one of the fastest-growing companies in the world, where you'll not only deepen your expertise across cybersecurity, compliance, and privacy frameworks, but also mentor and be mentored by some of the brightest minds in the industry: an environment built for growth, impact, and continuous learning.

Responsibilities

- Demonstrated expertise in completing Security Questionnaires, Risk Assessments, Due Diligence Questionnaires (DDQs), RFIs, and other technical ad hoc requests from clients, regulators, and partners.
- Lead the development and execution of GRC programs across the enterprise, with a focus on cybersecurity frameworks, regulatory compliance, and risk management.
- Coordinate internal and external audits, including SOC 2 Type I/II readiness, SOX ITGC testing, and HIPAA security rule assessments. Manage evidence collection and remediation efforts.
- Align technical and administrative controls with regulatory and audit requirements, leveraging frameworks such as NIST CSF, ISO 27001, and COBIT.
- Collaborate with cross-functional teams to drive security initiatives and ensure protection of internal, vendor, and customer data.
- Engage with stakeholders to communicate risk, controls, and remediation plans; mentor junior engineers and act as a security subject matter expert.

Requirements / Education and Experience

- In-depth experience with regulatory frameworks and standards including SOX, HIPAA, SOC 2, NYDFS Cybersecurity Regulation, GDPR, and PCI-DSS. Must stay current with evolving global cybersecurity laws and compliance obligations.
- Proven ability to lead cross-functional teams, mentor junior engineers, and serve as a subject matter expert in security technologies, tools, and frameworks.
- Strong communication skills to engage with technical and non-technical stakeholders.
- 5+ years of relevant experience in security engineering and GRC-focused security solutions development.
- Deep understanding of security standards and frameworks such as NIST, ISO 27001, CIS Controls, and industry compliance regulations (NYDFS, GDPR, HIPAA, PCI-DSS).
- Proven ability to manage complex timelines and deliverables, ensuring alignment with organizational goals and regulatory requirements.
- Strong leadership and communication skills, with a track record of engaging stakeholders and guiding security teams toward shared objectives.
- On-site presence required to support collaboration, team leadership, and cross-functional partnership.

Benefits

- Competitive compensation
- Generous vacation policy, paid holidays, and paid sick time
- Medical Insurance, Dental Insurance, and Vision Insurance (employee-paid)
- Company-paid Short-Term and Long-Term Disability Insurance
- Company-paid Group Life insurance
- Company-paid Employee Assistance Program (EAP) and Calm App subscription
- Employee-paid Pet Insurance and optional supplemental insurance coverage
- Vested 401(k) with company match and financial wellness programs
- Flexible Spending Account (FSA), Health Savings Account (HSA) and commuter benefits options
- Paid maternity leave, paid paternity leave, and fertility benefits
- Career growth and learning opportunities

Other Notes

Please note:

This list is not reflective of all benefits. Enrollment waiting periods or eligibility criteria may apply to certain benefits. Offerings may vary based on subsidiary entity or geographic location.

Making a lasting impact on the communities it serves, Acrisure has pledged more than $22 million through its partnerships with Corewell Health Helen DeVos Children's Hospital in Grand Rapids, Michigan, UPMC Children's Hospital in Pittsburgh, Pennsylvania and Blythedale Children's Hospital in Valhalla, New York.

At Acrisure, we firmly believe that an inclusive workforce drives innovation, creativity, and ultimately, our collective success. We recruit, hire, employ, train, promote, and compensate individuals based on job-related qualifications and abilities. Acrisure also has a longstanding policy of providing a work environment that respects the dignity and worth of each individual and is free from all forms of employment discrimination. Acrisure also provides reasonable accommodation to qualified individuals with disabilities or based on a sincerely held religious belief, in accordance with applicable laws. If you need to inquire about an accommodation, or need assistance with completing the application process, please email. California residents can learn more about our privacy practices for applicants by visiting the Acrisure California Applicant Privacy Policy available at www.Acrisure.com/privacy/caapplicant.

Pay Details:

The base compensation range for this position is $120,000 - $140,000. This range reflects Acrisure's good faith estimate at the time of this posting. Placement within the range will be based on a variety of factors, including but not limited to skills, experience, qualifications, location, and internal equity.