Jobs · Legal · Massachusetts

Governance, Risk and Compliance Analyst

Babel Street · Somerville, MA · Yesterday
Legal$80k–$125k/yrFull-time

Key Responsibilities

  • Maintain compliance programs aligned with NIST CSF, CMMC, Cyber Essentials Plus, SOC 2, and ISO/IEC 27001.
  • Cook up internal and external audits, assessments, and attestation activities.
  • Collect, validate, and maintain compliance evidence and audit artifacts.
  • Track audit findings and remediation activities through completion.
  • Support control testing and validation to ensure ongoing compliance.

Governance & Risk Management

  • Conduct security risk assessments and assist with enterprise risk management activities.
  • Maintain risk registers, track mitigation plans, and monitor remediation progress.
  • Aid in the development and maintenance of security policies, standards, procedures, and guidelines.
  • Monitor security and compliance control effectiveness and identify opportunities for improvement.
  • Support control mapping and crosswalk activities across multiple compliance frameworks.

Third-Party Risk Management

  • Perform security reviews of vendors, suppliers, and third-party service providers.
  • Track vendor assessment findings and remediation activities.
  • Support ongoing monitoring of third-party security and compliance risks.

Customer & Regulatory Support

  • Respond to customer security questionnaires, due diligence requests, and compliance inquiries.
  • Support sales and customer-facing teams with security documentation and assurance materials.
  • Aid in documenting compliance posture and security program maturity.

Program Administration

  • Maintain GRC platforms and compliance repositories.
  • Develop metrics, dashboards, and compliance reporting for management.
  • Cook up annual security awareness, compliance, and policy review activities.
  • Support continuous improvement initiatives across the security and compliance program.

Similar jobs