Associa

GRC Analyst

Associa, Richardson, Texas, United States, 75080


We are seeking a detail-oriented and analytically-minded GRC Analyst to join our Information Security team to drive governance, risk management, and compliance initiatives across our enterprise. This role is critical to our comprehensive security transformation program, supporting our alignment with NIST CSF 2.0, CIS Controls implementation, and various compliance frameworks including SOC 2, PCI DSS, and potential GDPR requirements.

As part of our security organization supporting 10,000+ employees across multiple branch locations in the real estate and property management industry, this position will be instrumental in implementing our AI-based GRC platform, automating compliance processes, and ensuring consistent governance across all business units. The ideal candidate will have strong analytical skills, attention to detail, and the ability to translate complex regulatory requirements into actionable business processes.

Compliance Management and Monitoring

Framework Implementation and Maintenance

Lead implementation and maintenance of compliance frameworks including SOC 2 Type II and PCI DSS, and prepare for potential GDPR requirements
Support the NIST CSF 2.0 alignment initiative by mapping current controls to framework requirements and identifying gaps
Implement CIS Controls across the organization and maintain compliance monitoring processes
Develop and maintain compliance mapping documentation showing relationships between different frameworks
Coordinate with external auditors and assessors for compliance validation activities

Evidence Collection and Management

Design and implement automated evidence collection processes using the AI-based GRC platform
Establish and maintain evidence repositories with proper access controls and retention policies
Develop evidence collection workflows that integrate with existing security tools (XDR, SIEM, vulnerability scanners)
Create and maintain compliance dashboards showing real-time compliance status across all frameworks
Support audit activities by providing timely and accurate evidence packages

Continuous Monitoring and Reporting

Implement continuous compliance monitoring processes to identify control failures in real time
Develop and maintain compliance metrics and KPIs aligned with business objectives
Create executive-level compliance dashboards and reporting for leadership and board presentations
Monitor regulatory changes and assess their impact on current compliance programs
Coordinate compliance reporting across all branch locations and business units

Risk Management and Assessment

Enterprise Risk Assessment

Support bi-annual enterprise risk assessments by coordinating with business units and collecting risk data
Maintain the enterprise risk register with current threat information, vulnerabilities, and control effectiveness
Develop risk assessment methodologies appropriate for real estate and property management operations
Coordinate with business units to conduct business impact analyses and risk tolerance assessments
Support third-party risk assessments for vendors and service providers

Risk Monitoring and Reporting

Implement risk monitoring processes using automated tools and manual assessment techniques
Develop risk metrics and reporting that provide actionable insights to leadership
Create and maintain risk treatment plans with clear timelines, owners, and success criteria
Monitor risk trends and emerging threats relevant to the real estate industry
Support incident response activities by providing risk context and impact analysis

Control Effectiveness Assessment

Design and implement control testing programs to validate the effectiveness of security controls
Coordinate bi-annual security control testing initiatives across all business functions
Develop control testing methodologies that leverage automation where possible
Maintain control effectiveness documentation and remediation tracking
Support management in making risk-based decisions about control investments and improvements

GRC Platform Management and Automation (20%)

Platform Implementation and Administration

Lead the implementation of the AI-based GRC platform, including configuration, integration, and user training
Develop automated workflows for compliance activities, risk assessments, and control testing
Integrate the GRC platform with existing security tools to automate evidence collection and control monitoring
Maintain platform configurations, user access controls, and data quality standards
Coordinate with IT teams to ensure proper platform integration and data flows

Process Automation and Optimization

Identify opportunities to automate manual GRC processes and implement efficiency improvements
Develop automated reporting and alerting capabilities for compliance and risk management activities
Create workflow automation for control testing, evidence collection, and remediation tracking
Implement data analytics capabilities to identify trends and predictive insights
Support the security champions program by providing self-service GRC capabilities

Data Management and Analytics

Establish data governance processes for GRC-related information
Develop analytics and reporting capabilities that provide actionable insights to stakeholders
Maintain data quality standards and implement data validation processes
Create predictive analytics models to identify potential compliance issues before they occur
Support decision-making with data-driven recommendations and trend analysis

Policy and Documentation Management (15%)

Policy Development and Maintenance

Support the development and annual review of security policies aligned with compliance requirements
Create and maintain policy implementation guides and procedures for business units
Develop policy compliance monitoring processes and exception management workflows
Coordinate policy awareness training and ensure consistent implementation across all locations
Maintain policy version control and change management processes

Documentation and Knowledge Management

Create and maintain comprehensive GRC documentation including procedures, work instructions, and training materials
Develop knowledge management processes to capture and share GRC expertise across the organization
Maintain regulatory and framework libraries with current requirements and guidance
Create training materials and documentation for the security champions program
Support knowledge transfer and cross-training initiatives within the security team

Experience

3+ years of experience in governance, risk management, compliance, or audit roles
2+ years of hands-on experience with compliance frameworks (SOC 2, ISO 27001, NIST, PCI DSS, etc.)
Experience with GRC platforms/tools (Drata, Vanta, ServiceNow GRC, Archer)
Background in risk assessment methodologies and control testing procedures

Technical Skills

GRC and Compliance Tools

GRC Platforms: Experience with enterprise GRC platforms and workflow automation
Audit Tools: Knowledge of audit management systems and evidence collection tools
Risk Assessment: Familiarity with quantitative and qualitative risk assessment methodologies (FAIR)
Documentation: Advanced proficiency with documentation and process mapping tools
Analytics: Experience with data analysis tools (Excel, Power BI, or similar)

Frameworks and Standards

Compliance Frameworks: Working knowledge of SOC 2, ISO 27001, NIST CSF, PCI DSS, GDPR
Control Frameworks: Understanding of COSO Internal Controls, CIS Controls, NIST 800-53

Technical Competencies

Data Analysis: Proficiency in data analysis, statistical methods, and trend identification
Process Improvement: Experience with process mapping, workflow optimization, and automation
Project Management: Basic project management skills and familiarity with project management tools
Communication: Strong written and verbal communication skills for various stakeholder audiences

Certifications (Preferred)

GRC-Specific: Certified GRC Professional (GRCP), OCEG GRC Capability Model
Risk Management: Certified Risk Management Professional (CRMP), Professional Risk Manager (PRM)
Compliance: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
Privacy: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM)

Preferred Qualifications

Advanced Experience

Experience supporting board-level risk and audit committee reporting
Previous experience with security program transformation or maturity improvement initiatives

Technical Expertise

Advanced knowledge of automation and workflow development
Experience with API integrations and data connectivity solutions
Knowledge of machine learning/AI applications in GRC and compliance monitoring
Experience with cloud compliance and security frameworks

Leadership and Communication

Experience training and mentoring staff on GRC concepts and procedures
Strong presentation and communication skills
Experience developing and delivering compliance training programs
Background in change management and organizational transformation

Key Competencies

Analytical and Technical Competencies

Critical Thinking: Ability to analyze complex compliance requirements and translate them into actionable processes
Attention to Detail: Meticulous attention to detail in documentation, evidence collection, and control testing
Data Analysis: Strong analytical skills to identify trends, gaps, and improvement opportunities
Process Orientation: Systematic approach to developing and maintaining consistent processes
Technology Aptitude: Comfort with technology tools and ability to learn new platforms quickly

Professional Competencies

Communication: Excellent written and verbal communication skills with the ability to explain complex concepts clearly
Stakeholder Management: Ability to work effectively with diverse stakeholders across all organizational levels
Adaptability: Flexibility to work in a dynamic environment with changing regulatory requirements
Initiative: Self-motivated with the ability to work independently and identify improvement opportunities
Collaboration: Strong teamwork skills and ability to coordinate cross-functional initiatives