Recru
Job Summary: Our client, a geothermal energy company in Houston, is seeking a GRC Analyst for a contract-to-hire position. In this role, you’ll help implement and maintain security and compliance frameworks, prepare audit documentation, manage policy governance, monitor regulatory changes, and coordinate the remediation of audit findings.
Key Responsibilities
Support NIST CSF and ISO 27001 implementation; maintain NERC CIP compliance.
Prepare documentation and processes for audits (internal, external, regulatory).
Manage policy governance, version control, and internal communications.
Monitor regulatory changes and assess impact on controls.
Assist with audit readiness and execution for certifications (ISO 27001, NERC CIP).
Track and coordinate remediation of audit findings.
Maintain compliance documentation and evidence.
Identify and document security and compliance risks.
Support risk management lifecycle and maintain risk registers.
Conduct vendor risk assessments and collaborate with procurement/legal teams.
Develop dashboards and reports for compliance, audit, and risk metrics.
Prepare executive materials for risk and governance committees.
Required Skills & Experience
Bachelor’s degree in Information Security, Risk Management, Business, or related field (or equivalent experience).
5+ years in GRC, audit, compliance, or risk management.
Familiarity with security frameworks (NIST CSF, ISO 27001, SOC 2, PCI DSS).
Understanding of regulatory requirements (GDPR, CCPA).
Strong organizational and documentation skills.
Preferred Qualifications
Security or GRC certifications (CISA, CRISC, ISO 27001 Lead Implementer, CISSP).
Experience with GRC platforms (OneTrust, MetricStream, Archer, Tugboat Logic, ServiceNow GRC).
Exposure to enterprise/cloud environments (AWS, Azure).
Excellent communication and presentation skills.
Candidate must be willing to go onsite in Downtown Houston 4 days a week.
#J-18808-Ljbffr
Key Responsibilities
Support NIST CSF and ISO 27001 implementation; maintain NERC CIP compliance.
Prepare documentation and processes for audits (internal, external, regulatory).
Manage policy governance, version control, and internal communications.
Monitor regulatory changes and assess impact on controls.
Assist with audit readiness and execution for certifications (ISO 27001, NERC CIP).
Track and coordinate remediation of audit findings.
Maintain compliance documentation and evidence.
Identify and document security and compliance risks.
Support risk management lifecycle and maintain risk registers.
Conduct vendor risk assessments and collaborate with procurement/legal teams.
Develop dashboards and reports for compliance, audit, and risk metrics.
Prepare executive materials for risk and governance committees.
Required Skills & Experience
Bachelor’s degree in Information Security, Risk Management, Business, or related field (or equivalent experience).
5+ years in GRC, audit, compliance, or risk management.
Familiarity with security frameworks (NIST CSF, ISO 27001, SOC 2, PCI DSS).
Understanding of regulatory requirements (GDPR, CCPA).
Strong organizational and documentation skills.
Preferred Qualifications
Security or GRC certifications (CISA, CRISC, ISO 27001 Lead Implementer, CISSP).
Experience with GRC platforms (OneTrust, MetricStream, Archer, Tugboat Logic, ServiceNow GRC).
Exposure to enterprise/cloud environments (AWS, Azure).
Excellent communication and presentation skills.
Candidate must be willing to go onsite in Downtown Houston 4 days a week.
#J-18808-Ljbffr