The Senior Security Analyst - GRC is responsible for ensuring the organization maintains compliance with regulatory guidelines and industry-standard certifications such as ISO 27001 and PCI DSS. This role involves auditing and maintaining evidence for external audits, creating and reviewing InfoSec policies/procedures, and providing recommendations about InfoSec controls based on industry best practices. The analyst will also foster an information security culture, assess IT controls, conduct risk assessments, collaborate on risk treatment decisions, and assist in implementing and monitoring controls to achieve compliance. Responsibilities include leading audits, evaluating policies, assessing risk, ensuring compliance, supporting vendor due diligence, developing and monitoring policies, maintaining an IT Risk Register, understanding cloud infrastructure controls, and providing guidance on security best practices.