Job Description

GRC Analyst (AuditBoard) | 468968 DETAILS Location : 100% Remote Position Type : 6M C2H Hourly / Salary : $110K-$140K+ (based on experience level) Travel : Minimal travel to Dallas, TX 75251 (1-2x annually) JOB SUMMARY Vaco is currently seeking a GRC Analyst for a 6M C2H opportunity that is 100% remote. The GRC Analyst will play a critical role in strengthening the security posture of a growing organization by designing, implementing, and managing control and risk workflows within AuditBoard. The GRC Analyst will be pivotal in ensuring compliance with industry standards and regulations, identifying and mitigating risks, and supporting the overall security governance framework. Control / Risk Workflow Management - Design / Configure / Maintain Control Frameworks / Risk Workflows within AuditBoard | Aligning Organizational Objectives / Compliance Requirements | Document / Develop Control Procedures (Mapped to Internal Policy / HIPPA / HITRUST / PCI Frameworks) | Monitor / Update Risk Registers in AuditBoard (Accurate Tracking / Risk Prioritization) | Automate Workflows (Streamlining Control Testing / Evidence Collection / Remediation Processes) Compliance / Audit Support - Facilitate Audits / Assessments Leveraging AuditBoard (Evidence Management / Reporting) | Prepare / Present Reports (Control Effectiveness / Risk Status / Compliance Gaps) to Leadership Risk Assessment / Mitigation - Conduct Risk Assessments to Identify Vulnerabilities / Document Findings in AuditBoard | Develop / Implement Risk Mitigation Strategies / Tracking Progress within GRC Platform | Monitor / Report on KRIs | Proactively Address Emerging Risks Policy / Procedure Development - Create / Update Security Policies / Procedures / Standards to Support Compliance / Risk Management | Ensure Policies are Integrated into AuditBoard for Tracking / Enforcement Training / Awareness - Support Development / Delivery of Security Awareness Training | Promote Culture of Security / Compliance Throughout the Organization Vendor / 3rd Party Risk Management - Evaluate 3rd Party Vendors for Security / Compliance Risks | Track Vendor Assessments working with Business Owners toward Remediation Action Plans / Activities Continuous Improvement - Identify Opportunities to Enhance GRC Processes / Workflows within AuditBoard to Improve Efficiency / Effectiveness | Recommend Improvements to the Security Program Independent / Team Collaboration - Working Independently as a Standalone GRC Resource while Collaborating Cross-Functionally in a Fast-Paced / Small Business Environment Organization / Time Management - Strong Organizational Skills to Manage Multiple Priorities / Audit Deadlines / Control Testing Cycles Simultaneously About the Project : The GRC Analyst role is a newly created position within the IT Security Team and sits in a small but growing Risk & Compliance Team (currently the manager + this new hire, collaborating closely with Threat Management and Identity Governance teams). The GRC Analyst role is prioritized to drive immediate GRC maturation with the core focus on hands-on AuditBoard (GRC Platform) implementation and optimization, including design / control frameworks, mapping controls to standards, integrating evidence, developing procedures, automating workflows to eliminate manual work, managing the risk register, tracking exceptions / action plans, and handling reporting. Beyond AuditBoard, the GRC Analyst will lead the policies and procedures refresh project, advance third‑party risk management (vendor assessments / questionnaires / remediation tracking), conduct application / risk assessments, support internal / external audits / compliance (working with internal audit), monitor key risk indicators, contribute to the 2027 GRC roadmap, and support broader documentation / reporting across security. The GRC Analyst is a high‑impact, proactive role emphasizing continuous improvement, spotting / automating inefficiencies, optimizing processes, rather than repetitive tasks. The GRC Analyst will own and grow the AuditBoard‑driven compliance / risk workflows, refresh policies, strengthen vendor risk programs, and build a scalable GRC ecosystem. The ideal GRC Analyst will have 5+ years of hands‑on experience, including extensive AuditBoard expertise, multi‑framework knowledge, and proven risk / compliance project ownership. JOB REQUIREMENTS GRC Tool Administration - Proficiency in Configuring / Customizing / Managing Workflows in AuditBoard/GRC Platforms (Risk Registers / Control Libraries / Issue Tracking / Evidence Collection Workflows / Audit Management Modules) Framework Expertise - Compliance Frameworks (NIST 800‑53 / SOC 2 / HIPAA / HITRUST) | Control Mapping / Gap Assessments / Ongoing Monitoring Requirements Risk Management (strong understanding) - Risk Management Principles and Methodologies (Inherent vs. Residual Risk / Risk Scoring Models / Control Effectiveness Evaluations / Risk Treatment Planning) Technical Foundation (basic knowledge) - IT Systems / Networking / Cloud / Security Technologies (Firewalls / IAM / Encryption / Logging / Vulnerability Management Concepts) Analytical / Problem‑Solving - Excellent Analytical / Problem‑Solving Skills | Attention to Detail (Reviewing Evidence / Identifying Control Gaps / Validating Remediation Activities) Strong Written / Verbal Communication Skills - Translating Technical Findings into Business Risk Language for Technical / Non‑Technical Stakeholders PREFERRED (not required) Certifications: CISA / CRISC / CISM / Security+ / ISO 27001 Lead Auditor BENEFITS Eligibility for discretionary bonuses Medical, dental, and vision benefits 401(k) retirement plan participation #J-18808-Ljbffr

Job Tags

Similar Jobs