Associa
GRC Analyst
We are seeking a detail-oriented and analytically minded GRC Analyst to join our Information Security team to drive governance, risk management, and compliance initiatives across our enterprise. This role is critical to our comprehensive security transformation program, supporting our alignment with NIST CSF 2.0, CIS Controls implementation, and various compliance frameworks including SOC 2, PCI DSS, and potential GDPR requirements. As part of our security organization supporting 10,000+ employees across multiple branch locations in the real estate and property management industry, this position will be instrumental in implementing our AI-based GRC platform, automating compliance processes, and ensuring consistent governance across all business units. The ideal candidate will have strong analytical skills, attention to detail, and the ability to translate complex regulatory requirements into actionable business processes.

Compliance Management and Monitoring

- Lead implementation and maintenance of compliance frameworks including SOC 2 Type II and PCI DSS, and prepare for potential GDPR requirements
- Support the NIST CSF 2.0 alignment initiative by mapping current controls to framework requirements and identifying gaps
- Implement CIS Controls across the organization and maintain compliance monitoring processes
- Develop and maintain compliance mapping documentation showing the relationships between different frameworks
- Coordinate with external auditors and assessors for compliance validation activities

Evidence Collection and Management

- Design and implement automated evidence collection processes using the AI-based GRC platform
- Establish and maintain evidence repositories with proper access controls and retention policies
- Develop evidence collection workflows that integrate with existing security tools (XDR, SIEM, vulnerability scanners)
- Create and maintain compliance dashboards showing real-time compliance status across all frameworks
- Support audit activities by providing timely and accurate evidence packages

Continuous Monitoring and Reporting

- Implement continuous compliance monitoring processes to identify control failures in real time
- Develop and maintain compliance metrics and KPIs aligned with business objectives
- Create executive-level compliance dashboards and reporting for leadership and board presentations
- Monitor regulatory changes and assess their impact on current compliance programs
- Coordinate compliance reporting across all branch locations and business units

Risk Management and Assessment

Enterprise Risk Assessment

- Support bi-annual enterprise risk assessments by coordinating with business units and collecting risk data
- Maintain the enterprise risk register with current threat information, vulnerabilities, and control effectiveness
- Develop risk assessment methodologies appropriate for real estate and property management operations
- Coordinate with business units to conduct business impact analyses and risk tolerance assessments
- Support third-party risk assessments for vendors and service providers

Risk Monitoring and Reporting

- Implement risk monitoring processes using automated tools and manual assessment techniques
- Develop risk metrics and reporting that provide actionable insights to leadership
- Create and maintain risk treatment plans with clear timelines, owners, and success criteria
- Monitor risk trends and emerging threats relevant to the real estate industry
- Support incident response activities by providing risk context and impact analysis

Control Effectiveness Assessment

- Design and implement control testing programs to validate the effectiveness of security controls
- Coordinate bi-annual security control testing initiatives across all business functions
- Develop control testing methodologies that leverage automation where possible
- Maintain control effectiveness documentation and remediation tracking
- Support management in making risk-based decisions about control investments and improvements

GRC Platform Management and Automation (20%)

Platform Implementation and Administration

- Lead the implementation of the AI-based GRC platform, including configuration, integration, and user training
- Develop automated workflows for compliance activities, risk assessments, and control testing
- Integrate the GRC platform with existing security tools to automate evidence collection and control monitoring
- Maintain platform configurations, user access controls, and data quality standards
- Coordinate with IT teams to ensure proper platform integration and data flows

Process Automation and Optimization

- Identify opportunities to automate manual GRC processes and implement efficiency improvements
- Develop automated reporting and alerting capabilities for compliance and risk management activities
- Create workflow automation for control testing, evidence collection, and remediation tracking
- Implement data analytics capabilities to identify trends and predictive insights
- Support the security champions program by providing self-service GRC capabilities

Data Management and Analytics

- Establish data governance processes for GRC-related information
- Develop analytics and reporting capabilities that provide actionable insights to stakeholders
- Maintain data quality standards and implement data validation processes
- Create predictive analytics models to identify potential compliance issues before they occur
- Support decision-making with data-driven recommendations and trend analysis

Policy and Documentation Management (15%)

Policy Development and Maintenance

- Support the development and annual review of security policies aligned with compliance requirements
- Create and maintain policy implementation guides and procedures for business units
- Develop policy compliance monitoring processes and exception management workflows
- Coordinate policy awareness training and ensure consistent implementation across all locations
- Maintain policy version control and change management processes

Documentation and Knowledge Management

- Create and maintain comprehensive GRC documentation including procedures, work instructions, and training materials
- Develop knowledge management processes to capture and share GRC expertise across the organization
- Maintain regulatory and framework libraries with current requirements and guidance
- Create training materials and documentation for the security champions program
- Support knowledge transfer and cross-training initiatives within the security team

Requirements

Experience

- 3+ years of experience in governance, risk management, compliance, or audit roles
- 2+ years of hands-on experience with compliance frameworks (SOC 2, ISO 27001, NIST, PCI DSS, etc.)
- Experience with GRC platforms/tools (Drata, Vanta, ServiceNow GRC, Archer)
- Background in risk assessment methodologies and control testing procedures

Technical Skills

GRC and Compliance Tools

- GRC Platforms: Experience with enterprise GRC platforms and workflow automation
- Audit Tools: Knowledge of audit management systems and evidence collection tools
- Risk Assessment: Familiarity with quantitative and qualitative risk assessment methodologies (e.g., FAIR)
- Documentation: Advanced proficiency with documentation and process mapping tools
- Analytics: Experience with data analysis tools (Excel, Power BI, or similar)

Frameworks and Standards

- Compliance Frameworks: Working knowledge of SOC 2, ISO 27001, NIST CSF, PCI DSS, and GDPR
- Control Frameworks: Understanding of COSO Internal Control, CIS Controls, and NIST SP 800-53

Technical Competencies

- Data Analysis: Proficiency in data analysis, statistical methods, and trend identification
- Process Improvement: Experience with process mapping, workflow optimization, and automation
- Project Management: Basic project management skills and familiarity with project management tools