Security Governance Risk & Compliance (GRC) Analyst

United States, Washington, DC 130000.00 - 180000.00 USD / Year · Job Posted December 13, 2025

Job Description

Here at Virtru you’ll help build a cutting-edge security compliance program aligned with FedRAMP, SOC 2, PCI, HIPAA, GDPR, and just about any other security/privacy framework you can think of, whilst getting your hands on some of today’s most important tools and tech like Kubernetes, GCP, AWS, and Terraform. We put a high value on input from everyone on our team. Your voice will have a significant impact. With a constantly growing customer base, there is no shortage of challenging and exciting scaling/optimization work to ensure that we can provide the most secure and performant service.

As a GRC Analyst at Virtru, you will be the primary point of contact for compliance-related inquiries. You will lead and manage the organization's efforts to achieve and maintain CMMC compliance by conducting gap analyses and developing a roadmap to address compliance requirements. You will also play a vital role in supporting our existing FedRAMP, SOC 2, and PCI DSS compliance.

Job Responsibility

  • Manage and implement complex controls frameworks for large systems, consisting of Cloud infrastructure and Software as a Service (SaaS) services (GCP, AWS, GitHub, Okta, etc.)
  • Design and develop automation solutions for evidence collection across Cloud infrastructure, endpoints, and SaaS services
  • Conduct risk assessments across business units and processes. Identify risk findings and recommend remediation and risk mitigation strategies
  • Assist or implement automated controls to support risk mitigation efforts across various business units with stakeholders
  • Incorporate CMMC certification into Virtru’s slate of compliance assessments and ongoing monitoring activities (FedRAMP, SOC 2, PCI)
  • Facilitate the third-party vendor on-boarding and annual review process by evaluating the security of current and prospective partners
  • Participate in incident response (IR) activities, providing risk analysis and remediation support as needed
  • Enhance the team with your individualism, spirit, and love of learning

Requirements

  • Minimum of 5+ years of information security, IT audit and/or IT Risk Management, or GRC Analyst/Engineer experience
  • Deep understanding of at least a few of the following: CMMC, NIST 800-53 & 800-171, FedRAMP, SOC 2, PCI, and/or other global privacy compliance frameworks
  • Technical acumen. Strong understanding of modern cloud technologies (AWS, GCP, Azure, etc.) and familiarity with GRC tools (Hyperproof, Vanta, Drata, etc.) and SIEM tools (Datadog, Splunk)
  • You’re a relationship builder and have worked with both business and technical risk and understand how to translate risk to various levels of the organization
  • Have experience training and coaching teams to become better security and privacy practitioners
  • Like working on an autonomous agile team
  • Ability to resolve conflicts and drive issues to completion
  • Work independently with little or no supervision while maintaining a high level of efficiency
  • Hands-on experience deploying and managing vulnerability scanning/cloud security posture management tools (Wiz, Prisma Cloud, etc.) to meet security compliance requirements
  • Real-world IR experience participating on security On-Call teams
  • Basic knowledge of scripting languages like Bash, Python, or JavaScript to automate manual tasks
  • Familiarity with GitOps and Infrastructure-as-Code concepts

Nice to have

  • Thinking outside of the box to respectfully challenge your teammates and managers in the pursuit of excellence
  • Strong sense of urgency with an action-oriented mindset
  • Able to collaborate and adapt to shifting priorities as business needs evolve
  • Comfortable with asynchronous communication including Slack, email, Zoom, etc.

What we offer

  • A Flexible PTO policy
  • A $1,500 annual Learning & Development Stipend
  • Frequent company-sponsored team celebrations
  • Access to an Employee Assistance Program
  • Access to Headspace, a mental health app
  • A flat 3% contribution to your retirement account
  • A high degree of flexibility
  • Competitive compensation
  • Generous parental, medical, and bereavement policies
  • 401K contribution and stock options
  • Full medical, dental, and vision benefits
  • New Hire Swag and IT Welcome boxes
  • Structured semi-annual 360° performance reviews

Similar Jobs for

Security Governance Risk & Compliance (GRC) Analyst

8 matching positions

Senior Governance, Risk and Compliance Analyst - Governance

Come join the company that is reinventing cloud security and empowering business...
Location: Netherlands
Salary: Not provided
Company: Wiz
Expiration Date: Until further notice

Requirements
  • 5+ years of experience in one or more of the Governance, Risk, and Compliance domains
  • Passion for security and keeping Wiz safe
  • Ability to collaborate with technical and non-technical teams alike to further oversight responsibilities of Security
  • Deep knowledge of one or more industry frameworks such as ISO 27001, ISO 27017, SOC 2, PCI DSS, NIST CSF, etc. and baseline knowledge of others
  • Ability to assist with security compliance assessments to ensure compliance with internal and external requirements (ISO, NIST, CIS, etc.)
  • Experience working in a fast-paced tech environment both independently, and collaboratively within a team environment
  • Ability to build strong relationships across teams and functions in a global workplace
  • Applicants must have the legal right to work in the country where the position is based, without the need for visa sponsorship
Job Responsibility
  • Design and update policies, procedures, and controls to drive confidentiality, integrity, and availability across the Wiz environment
  • Continuously improve processes, tools, and procedures for audit and compliance management
  • Collaborate and work cross-functionally across the company to address governance and compliance needs and to support the Wiz Control Framework, partnering with Engineering, Product, Sales, Legal, HR, and other teams
  • Proactively improve control design and performance to address a changing risk landscape
  • Deliver timely audits through working with internal and external auditors
  • Help customer-facing teams respond to information security requirements and questionnaires
  • Assist with third party risk management reviews, assessing vendor’s security, compliance, and privacy posture
  • Participate in team project management, including documentation, project planning, task management, and prioritization
  • Participate in recurring annual core audits (e.g., SOC 2, ISO, PCI)
  • Maintain awareness of security and regulatory trends, perform research and analysis on new certifications, and help Wiz pursue new international compliance initiatives

Lead Analyst, Information Security Governance & Compliance

Beacon Hill Technologies is partnering with a client to identify a Lead Analyst,...
Location: United States, Boca Raton
Salary: Not provided
Company: Beacon Hill
Expiration Date: Until further notice

Requirements
  • Practical, working knowledge of audit and assurance concepts and terminology
  • Experience supporting both internal and external audits
  • Ability to evaluate the quality and sufficiency of audit evidence
  • Strong attention to documentation, traceability, and control effectiveness
  • Prior experience in information security governance, compliance, or risk management
  • Demonstrated ability to lead work while remaining directly involved in execution
  • Clear communication skills, particularly when explaining audit or compliance topics
  • Bachelor’s degree in Information Security, Risk Management, or a related discipline
  • 7+ years of experience in governance, risk, and compliance or information security roles
  • Familiarity with security and control frameworks such as NIST or ISO
Job Responsibility
  • Support and guide audit, compliance, and risk activities within the information security organization
  • Ensure audit readiness
  • Coordinate audit responses
  • Validate the quality and completeness of evidence

Governance, risk and compliance technical analyst intern

This is a 10 week internship program that runs from May 27th, 2026 to August 7th...
Location: United States, San Diego; San Francisco
Salary: 35.00 USD / Hour
Company: GoFundMe
Expiration Date: Until further notice

Requirements
  • Confidently maintain clear and concise communication with colleagues while working in a remote or hybrid environment
  • Inquisitive with a solution-oriented mindset
  • Demonstrate excellent analytical, problem-solving, time-management, and multitasking abilities
  • Passionate about staying current on regulatory changes, industry guidance, and card scheme compliance
Job Responsibility
  • Coordinate external auditor requests and facilitate meetings with Information Technology, Engineering Teams, Security and Control Owners
  • Build trust center tiles to communicate internal controls to customers and regulatory bodies
  • Assist in evidence collection for IT control reviews, infrastructure, change management and product releases
  • Assist in building communication portfolios, customer journeys and feedback forms for all audit stakeholders to ensure consistency in reaching audit goals, and note potential opportunities, risks, or complications
What we offer
  • Competitive pay and comprehensive healthcare benefits
  • Financial assistance for things like hybrid work, family planning
  • Generous parental leave
  • Flexible time-off policies
  • Mental health and wellness resources
  • Learning, development, and recognition programs
  • Fulltime

AI risk & compliance analyst

Robert Half is seeking an experienced AI Risk & Compliance Analyst to support th...
Location: United States, New York
Salary: 65.00 - 80.00 USD / Hour
Company: Robert Half
Expiration Date: Until further notice

Requirements
  • 5+ years of experience in one or more of the following: Governance, Risk & Compliance (GRC), Privacy, Information Security, Technology Risk, Third-Party Risk, Model Risk, or Audit
  • 2+ years of hands-on experience in: AI governance, Responsible AI, AI risk assessment, AI compliance, or model risk management
  • Strong understanding of: AI/ML risks, data governance, privacy regulations, and emerging AI regulatory frameworks
  • Experience conducting risk assessments and documenting controls in a structured environment
  • Ability to work cross-functionally and influence stakeholders in a decentralized organization
  • Excellent communication, documentation, and organizational skills
Job Responsibility
  • Manage and enhance the AI use case intake process, including: Triage, risk categorization, stakeholder routing, approval tracking, and follow-ups
  • Conduct AI risk and compliance reviews for new and existing use cases, including: Data usage, privacy, security, third-party risk, regulatory exposure, and business impact
  • Evaluate AI-enabled tools, platforms, and vendors for risks related to: Confidential/sensitive data, automated decision-making, transparency, human oversight, IP, bias, and accuracy
  • Maintain and improve the AI use case inventory, including: Ownership, vendors, data types, risk ratings, approvals, required controls, and review cadence
  • Translate regulatory and compliance requirements into: Intake questions, risk criteria, control requirements, and formal decision documentation
  • Partner cross-functionally with: Legal, Privacy, Security, Procurement, Technology, and business stakeholders
  • Support third-party AI risk reviews, including vendor due diligence and governance considerations
  • Develop and refine AI governance artifacts: Intake forms, risk frameworks, review checklists, templates, and process documentation
  • Track and report on AI governance metrics: Intake volume, review cycle time, risk trends, remediation status, and compliance alignment
What we offer
  • Medical
  • vision
  • dental
  • life and disability insurance
  • 401(k) plan
  • Fulltime

Security risk analyst - Issue and policy exception

We are looking for a highly skilled and motivated analyst to join the policy exc...
Location: India, Hyderabad
Salary: Not provided
Company: Amgen
Expiration Date: Until further notice

Requirements
  • Bachelor’s degree required (MIS, Information Systems, IT, Cybersecurity, or related field preferred)
  • 5–8 years of experience in Governance, Risk & Compliance (GRC), IT risk, information security compliance, or internal audit
  • Minimum 2-4+ years of experience in an IT ticket-based support environment
  • Candidate must be proficient with Microsoft Office tools such as Outlook, Excel, and the suite of Microsoft tools
  • Strong analytical, problem-solving, and documentation skills
  • Ability to communicate complex concepts to non-technical stakeholders
  • Understanding security controls as they apply to GRC (Governance, Risk, and Compliance) across the enterprise
  • Ability to analyze metrics and generate executive-level reporting and insights
  • Adaptability to a dynamic and fast-paced environment
  • Strong organizational and time management skills
Job Responsibility
  • Day to day queue management for the policy exception and issue records
  • Host weekly office hours calls for stakeholder support and the advancement of the records
  • Perform initial ticket triage to ensure healthy records for further processing
  • Monitor tickets and investigate the instances of delay in processing
  • Escalate conditions or concerns to management and leads regularly
  • Communicate in a brief manner via email/text and reliably update the associated tickets for good document practice
  • Fulltime

Senior Security & Compliance Analyst

Become a Senior Security & Compliance Analyst for Bloomreach! You will be an ess...
Location: Slovakia, Bratislava; Brno; Prague
Salary: 3000.00 EUR / Month
Company: Bloomreach
Expiration Date: Until further notice

Requirements
  • Strong knowledge of industry compliance requirements and standards
  • Good understanding of SaaS Business
  • Good understanding of Governance, Risk, and Compliance in IT environment
  • Outstanding communication and interpersonal abilities
  • Previous experience as a compliance analyst, compliance officer, compliance manager, or similar position in a related field
  • Advanced analytical abilities
  • Effective research skills
  • Ability to perform under pressure
  • Experience with ISO security standards
  • Experience with SOC auditing
Job Responsibility
  • Perform periodic audits on company procedures and processes and report on the organization’s compliance
  • Identify, analyze, and resolve compliance issues
  • Support the sales process by completing RFPs
  • Ensure that all policies and standards are regularly reviewed and up-to-date
  • Keep the company’s process mapping and responsibilities structure chart up to date
  • Develop and update existing compliance policies and related documentation
  • Proactively research to stay up-to-date with regulations and rules
  • Communicate regulations to internal and external parties
  • Assist with management review preparation
  • Communication with clients across various regions (EMEA, US)
What we offer
  • Restricted stock units
  • Company performance bonus
  • Great deal of freedom and trust
  • Flexible working hours
  • Virtual-first work with several Bloomreach Hubs
  • Company events
  • 5 paid days off to volunteer
  • People Development Program
  • Communication coach
  • Leader Development Program
  • Fulltime

Security GRC Analyst

Juni is seeking a Security GRC (Governance, Risk, and Compliance) Analyst to pla...
Location: Sweden, Stockholm; Gothenburg
Salary: Not provided
Company: Juni
Expiration Date: Until further notice

Requirements
  • 2 to 4 years of experience in information security governance, risk, or compliance roles
  • Demonstrated experience with compliance frameworks and regulations (e.g., PCI DSS, ISO 27001, GDPR, PSD2, EBA outsourcing and DORA)
  • Degree in Cybersecurity or Information Systems or similar
  • Knowledge of security frameworks (e.g., CIS Controls, NIST CSF)
  • Solid understanding of risk assessment methodologies and hands-on experience with risk registers and third-party risk management
  • Experience in coordinating activities for security certifications and audits
  • Ability to develop and track security metrics (KPIs)
  • Strong analytical, problem-solving, and organisational skills
  • Excellent communication skills, comfortable presenting to various stakeholders
  • A proactive and independent worker who is also a strong team player
Job Responsibility
  • Maintain and update core security documentation, including policies, procedures, and instructions, ensuring they remain current and relevant
  • Identify, collect, and analyse data to track key security performance indicators (KPIs) and metrics, generating reports and dashboards to communicate security performance to stakeholders
  • Maintain the risk register and support daily risk management activities with growing independence
  • Follow up on the remediation of risks identified in new projects, third-party engagements, and other business initiatives
  • Conduct thorough security posture assessments of new vendors and perform periodic reviews of existing ones
  • Support our 3rd party procurement process
  • Monitor the implementation and effectiveness of security controls across the organisation
  • Coordinate and support activities to maintain key security certifications, including PCI-DSS and ISO 27001
  • Coordinate and support the implementation of remediation plans to address identified compliance gaps
  • Provide support in responding to security-related questions during partner due diligence and assist in providing necessary information for cyber insurance renewals
What we offer
  • Work hybrid
  • Meet all Junis IRL at the company onsite each year
  • Diversity is at our core
  • Progress your career whether you choose to manage people or not
  • Stock options
  • Vacation 30 days
  • Private Health insurance
  • Beautiful offices in central Gothenburg and Stockholm, front row sea view
  • Fulltime

Senior Information Security Compliance Analyst

We're looking for a technically grounded Senior IS Compliance Analyst who speaks...
Location: United States, Chicago
Salary: 90000.00 - 130000.00 USD / Year
Company: Blume Global
Expiration Date: Until further notice

Requirements
  • Hands-on experience in technical security roles such as Security Operations, Incident Response, Security Analysis, penetration testing, or similar
  • Practical knowledge of security tools, SIEM platforms, vulnerability management, and security monitoring
  • Ability to read and understand security logs, configurations, and technical documentation
  • 6+ years of total experience with significant time in GRC
  • Working knowledge of ISO 27001, NIST frameworks, SOC 1/2, and GDPR requirements
  • Experience developing and implementing information security policies and controls
  • ISO 27001:2022 Lead Implementer and Lead Auditor certification
Job Responsibility
  • Lead technical security assessments and integration of acquired companies, mapping their security architectures and controls to our GRC frameworks, identifying gaps, and building remediation roadmaps that address both technical security and compliance alignment
  • Bridge technical security and business stakeholders by evaluating risks through a technical lens, working alongside security engineering teams to translate GRC requirements into practical security measures, and communicating effectively across technical and non-technical audiences
  • Develop and harmonize security policies and control frameworks across acquired entities, ensuring they're both audit ready and operationally sound, while translating between technical security requirements and governance documentation
  • Own customer security questionnaire responses by leveraging your hands-on security background to provide detailed, accurate answers and collaborating with infrastructure, application security, and operations teams to gather technical evidence
  • Drive continuous improvement of our GRC program through technical security enhancements, meaningful security and compliance metrics, and process improvements that increase both control effectiveness and operational efficiency
What we offer
  • health and welfare benefits
  • tuition assistance
  • 401K savings and other retirement programs
  • employee assistance programs