Timus Consulting Services
Experience: 3–6 years in Governance, Risk, and Compliance (GRC)
Role Type: Mid-Level (Consulting / Implementation)
Location: Houston, TX / Hybrid Remote (70% to be in client office in Houston)
Job type: Contract (6 months with extension)
Job Overview
We are seeking a highly skilled GRC Business Analyst with deep expertise in Governance, Risk, and Compliance frameworks such as ISO 27001, NIST RMF, and COBIT. The ideal candidate will act as a functional SME in helping clients define their GRC Baselines, Business Processes, Risk and Control Lifecycles, and Reporting Frameworks while leading the implementation of IBM OpenPages GRC across domains like IT Governance, Operational Risk, Compliance, and Enterprise Risk Management. This role requires strong analytical, process-oriented, and client-facing capabilities to bridge business requirements with GRC solution design and ensure end-to-end implementation excellence.
Key Responsibilities
Process Definition and Lifecycle Management
Lead end-to-end process design workshops with business and technical stakeholders. Define process flows, ownership structures, control points, approval stages, and integration touchpoints for each GRC domain. Translate complex business and regulatory requirements into structured GRC workflows and lifecycle models in OpenPages. Ensure all process designs are aligned with ISO 27001, NIST RMF, COBIT, and other best-practice frameworks.
Baseline Definition, Flow, and Lifecycle
Define and establish GRC baseline frameworks including risk taxonomies, control libraries, policy baselines, and compliance mappings. Design the baseline creation, approval, review, and update lifecycle, ensuring governance and auditability. Maintain consistent baseline alignment across business units and risk domains within OpenPages.
Risk Assessment and Management Lifecycle
Define and operationalize Risk Identification, Assessment, Evaluation, Mitigation, and Monitoring processes. Develop risk scoring models, thresholds, and linkage between risks, controls, issues, and action plans. Configure risk and control workflows in OpenPages to automate periodic reviews, control testing, and remediation activities. Provide business guidance for implementing key risk indicators (KRIs) and key performance indicators (KPIs) for enterprise reporting.
Enterprise Reporting and Workflow in GRC
Define enterprise-level reporting requirements across risk, compliance, and governance domains. Collaborate with reporting specialists to design dashboards, risk heat maps, and executive summaries within OpenPages. Streamline workflow automation to ensure timely escalations, approvals, and task assignments. Support the development of end-to-end GRC lifecycle reports—from data capture to final executive reporting.
Implementation Support and SME Advisory
Work closely with technical teams to align business and configuration requirements. Participate in fit-gap analysis, UAT design, and functional validation of implemented modules. Deliver user documentation, SOPs, and training to ensure smooth adoption. Act as a trusted advisor to clients on GRC maturity, governance structures, and continuous improvement opportunities.
Required Skills and Qualifications
3–6 years of experience in Governance, Risk, and Compliance, preferably in consulting or enterprise implementation roles. Deep understanding of ISO 27001, NIST RMF, COBIT, or similar GRC frameworks. Process definition and lifecycle management expertise. Baseline framework design and control libraries familiarity. Risk assessment and management lifecycle design skills. GRC enterprise reporting and workflow orchestration capabilities. Familiarity with IBM OpenPages GRC or similar platforms (RSA Archer, ServiceNow GRC, MetricStream, etc.). Strong documentation, analytical, and client engagement skills. Excellent communication and presentation abilities.
Preferred Qualifications
Hands-on experience implementing or supporting IBM OpenPages GRC. Professional certifications such as ISO 27001 Lead Implementer / Auditor, NIST RMF Practitioner, CRISC, or CGEIT. Exposure to Operational Risk, IT Governance, Compliance, and Third-Party Risk Management domains. Experience designing KRI/KPI frameworks and executive-level risk dashboards.
Job Summary
Seniority level: Mid-Senior level
Employment type: Contract
Job function: Research, Analyst, and Information Technology
Industries: IT Services and IT Consulting