GRC Analyst

1 Month ago • All levels

Job Summary

Job Description

The GRC Analyst will join the IT Security team, handling security proposals, contracts, and questionnaires to support the global sales organization. Responsibilities include managing customer RFIs, questionnaires, and contract requirements, validating compliance, maintaining a GRC knowledge base, managing vendor due diligence, and supporting security awareness and control tests. The role requires strong knowledge of information security principles and regulatory compliance standards such as ISO27001, NIST 800-53, SOC 2, PCI-DSS, and GDPR. The ideal candidate will be able to organize, prioritize, and coordinate multiple work activities while meeting deadlines and will possess excellent communication skills.

Must have:

Knowledge of information security principles and practices
Knowledge of regulatory compliance standards and frameworks
Ability to organize and prioritize multiple work activities
Ability to excel in research and analytical tasks
Excellent verbal and written communication skills

Good to have:

Experience analyzing regulatory and contract compliance
Experience working in software, cybersecurity, or hi-tech industry
Experience with IT governance, risk, and compliance management
Experience with content management and automation capabilities of RFP software
Relevant qualifications, such as CRISC, CISSP, CISM, CISA
Strong project management and coordination skills

3 skills required

3 skills required for this role

Add these skills to join the top 1% applicants for this job

excel

communication

risk-management

Job Details

GRC Analyst

We are searching for a junior GRC analyst to join our IT Security team. This position is responsible for handling the intake, prioritization, and completion of security proposals, contracts, and questionnaires to support our global sales organization in addition to participating in GRC operational tasks.

Responsibilities:

Coordinate, answer, and manage customer’s RFIs, security questionnaires, and contract requirements.
Work with various business units to collect answers to inquiries and validate compliance of answers before sending them back to clients.
Maintain GRC knowledge base of processes and frequently asked security questions
Manage vendor due diligence process and help the overall third-party risk management efforts.
Support other GRC tasks such as security awareness, security control tests, policy reviews and more.

Requirements:

Strong knowledge of information security principles and practices
Knowledge with regulatory compliance standards and frameworks such as ISO27001, NIST 800-53, SOC 2, PCI-DSS, and GDPR
Ability to organize, prioritize, and coordinate multiple work activities while meeting target deadlines.
Ability to excel in research and analytical tasks as well as working in a team environment
Excellent verbal and written communication skills.

Advantages:

Experience analyzing regulatory and contract compliance (including RFI/RFP) – a significant advantage.
Experience working in software, cybersecurity, or hi-tech industry
Experience with IT governance, risk, and compliance management in a large global environment
Experience with content management and automation capabilities of RFP software
Relevant qualifications, such as CRISC, CISSP, CISM, CISA.
Strong project management and coordination skills

We invite you to check out our Instagram Page to gain further insight into the Varonis culture!
@VaronisLife

Varonis is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, national origin, disability, veteran status, and other legally protected characteristics.