The Senior GRC Analyst develops and maintains cybersecurity policies, evaluates compliance, coordinates with teams, and manages risk management processes.
Business Wire, a Berkshire Hathaway company, is the global market leader in press release distribution and regulatory disclosure. We are on a mission to redefine how organizations connect with their audiences - and that’s just the beginning!
Organizations, large and small, depend on us to accurately publicize market-moving news and multimedia, and generate social engagements that develop interactions with their target audiences.
About the Role
The Senior Governance, Risk, and Compliance (GRC) Analyst will perform cybersecurity governance functions, including developing and maintaining policies, standards, and procedures (documents) for cybersecurity controls and processes. This role will assess the effectiveness of security controls, ensure compliance with relevant frameworks, and streamline risk management processes. The ideal candidate will have a strong understanding of cybersecurity risk management and regulatory compliance and hands-on experience in integrated risk management, policy, and document management tools.
The Analyst will work with the business, IT, and security teams to coordinate the development, review, and approval of new and existing documents while evaluating compliance to improve adherence to the organization's mandated regulations, standards, and policies.
What You'll Do
- Review the existing documents to identify and prioritize the requirements for revisions.
- Create new security policies, standards, and responsibility models to clearly outline the organization's security practices and responsibilities.
- Evaluate, implement, and administer the Enterprise Policy Management tool to automate the cybersecurity policy and standard management process.
- Establish and monitor the policy/standards attestation process by all stakeholders.
- Establish and monitor the policy/standards exception process.
- Establish and manage a Cybersecurity Awareness Training program.
- Facilitate document development/revision through meetings and workshops with SMEs and obtain consensus from their leadership.
- Develop questionnaires to assess the compliance of existing cybersecurity policies and standards and identify gaps in the organization’s Cybersecurity Risk Register.
- Manage cybersecurity controls and framework implementation, as well as ongoing maintenance.
- Develop and maintain an inventory of cybersecurity controls mapped to industry standards (e.g., NIST, SOC2, ISO 27001, CIS) and regulatory requirements (e.g., GDPR, CCPA, and SOX).
What You'll Need
- Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or related field(s).
- 5+ years of experience in Information Technology or Information Security, with over 3 years of experience authoring security policies, standards, and procedures.
- A strong understanding of cybersecurity controls, risk mitigation strategies, and their application for data protection and privacy compliance.
- Security and compliance certifications, such as CISSP, CISA, CISM, CGEIT, or CRISC, are preferred.
- Self-motivated and results-oriented, including the ability to prioritize conflicting assignments.
- Exceptional organizational skills to balance work and lead projects.
- Strong verbal and written skills.
- Ability to collaborate and build consensus and strong relationships with various internal and external stakeholders (business, development, security, auditors, legal, etc.).
- Ability to adapt and apply information to new scenarios and technologies.
Technical Knowledge
Must possess solid working knowledge of/experience in:
- Identity and access management and governance concepts and technologies, such as Microsoft Entra, Active Directory, PAM, etc.
- Vulnerability management platforms such as Rapid7.
- IT asset management, Configuration Management Databases (CMDB), and network asset discovery tools.
- Control frameworks and objectives (e.g., NIST CSF, NIST RMF, PCI-DSS, SOX, SOC 2, GDPR, CCPA, etc.)
- Operating systems, databases, and middleware components.
- Conducting compliance and risk assessments.
- Management of IT and security projects.
- Office 365 tools (Word, Excel, SharePoint, OneDrive, Teams, and PowerPoint).
Work Environment Characteristics
- Ability to work remotely
Business Wire will not sponsor a new applicant for employment authorization for this position.
What We Offer
The base salary range for this position is $155K to $165K/year. Offered salary will be determined by several factors, including but not limited to: applicant’s education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data. Business Wire reserves the right to modify this salary range at any time.
Business Wire’s total rewards include:
- Excellent health benefits that begin on your first day of employment
- $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
- 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
- PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!
A pre-employment background check will be required after the acceptance of an offer. Business Wire is proud to be an equal opportunity workplace. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status. Pursuant to the San Francisco Fair Chance Ordinance and other similar state laws and local ordinances, and its internal policy, Business Wire will also consider for employment qualified applicants with arrest and conviction records.