GRC Analyst

At Business Wire, we are committed to building a world-class cybersecurity program that sets the standard for excellence in the industry. Our approach is rooted in innovation, resilience, and a deep understanding of the evolving threat landscape while ensuring our core values of attitude and aptitude, collaboration and integrity are at the forefront of all we do. As we continue to grow and protect our global operations, we are seeking top-tier talent to join us in this mission.

This role is essential in ensuring that our company’s cybersecurity risk is mitigated and that our assets and information are fully protected. The GRC Analyst is responsible for developing, evaluating, and maintaining organizational standards and processes, ensuring that we meet both internal and external security requirements.

What You Will Do

• Develop, update, and enforce security policies, standards, and procedures to ensure compliance with regulatory and industry standards
• Conduct information security risk assessments, security compliance audits, and cybersecurity audits to ensure the effectiveness of IT security controls.
• Research and interpret current and pending governmental laws and regulations, industry standards, and customer and vendor contracts to effectively communicate compliance requirements to relevant stakeholders.
• Maintain the enterprise risk register, ensuring that all identified risks are documented, assessed, and mitigated appropriately.
• Facilitate discussions on risk tolerance and mitigation strategies with senior management, helping to align security efforts with business objectives.
• Establish and maintain IT security audit/assessment procedures relevant to SOC 2, NIST, ISO, and international data privacy laws.
• Document, investigate, and report cybersecurity compliance issues and incidents, working closely with business leaders to ensure that security risk findings are reviewed and that effective solutions are implemented.
• Respond to client security questionnaires and surveys, ensuring that all responses accurately reflect the organization's security posture and compliance status.
• Report on compliance status and findings to senior management and relevant stakeholders, providing insights and recommendations for continuous improvement.
• Develop and distribute educational materials, newsletters, and updates to keep employees informed about the latest cybersecurity threats and best practices.

What You Will Need

• Strong understanding of governance, risk, and compliance frameworks, including NIST, ISO 27001, and CIS Controls.
• Excellent analytical and problem-solving skills, with a keen eye for detail in reviewing and documenting compliance activities, audit findings, and risk assessments.
• Strong communication and collaboration skills, with the ability to interact effectively with various stakeholders across the organization and external clients.
• Ability to manage multiple projects and deadlines in a fast-paced environment.
• Strong experience in developing, updating, and enforcing comprehensive security policies, standards, and procedures.
• Ability to translate complex regulatory requirements into practical and actionable security policies that align with business objectives.
• High ethical standards and integrity, with a strong commitment to maintaining the confidentiality and security of sensitive information.
• A minimum of 4 years of experience in IT Cybersecurity, IT Governance, Compliance, Risk Management, or a related field.
• Bachelor’s degree in Cybersecurity, Information Technology, Business Administration, or a related field. A Master’s degree is a plus.
• Relevant certifications such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) are highly desirable.

What We Offer

• The base salary range for this position is $130K to $150K/year. Offered salary will be determined by several factors, including but not limited to: applicant’s education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data. Business Wire reserves the right to modify this salary range at any time.
• 
  
• Business Wire’s total rewards include:
• Ability to work remotely
• Excellent health benefits that begin on your first day of employment
• $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
• 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
• PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!