Governance, Risk and Compliance Analyst
Job Summary
The Governance, Risk, and Compliance (GRC) Analyst supports compliance and governance initiatives for both government and higher education environments. Core responsibilities include implementing and maintaining NIST-compliant frameworks, supporting CMMC requirements, and ensuring adherence to security controls across diverse environments. The GRC Analyst will collaborate with teams to assess risk, manage compliance documentation, and ensure that security frameworks and controls are implemented effectively and efficiently.
This position requires occasional availability outside of traditional working hours to address urgent business needs, including responding to security incidents, supporting software deployments, resolving software issues or system breaks, and addressing other critical operational requirements. The GRC Analyst mitigates disruption to business operations by promptly addressing issues as they arise.
This is a hybrid role requiring a minimum of three days per week in the Boston office to facilitate collaboration, direct engagement with staff and students, and contribute to a dynamic on-campus work environment.
Minimum Qualifications
- Proficiency with Cybersecurity Maturity Model Certification (CMMC) and NIST frameworks and controls
- Knowledge of compliance standards in government and higher education environments
- Effective written and verbal communication skills with the ability to convey complex compliance requirements to stakeholders at various organizational levels
- Adaptable, with high initiative and a strong sense of urgency
- Ability to analyze complex data, identify patterns, and translate findings into actionable insights, as well as evaluate risks and develop appropriate responses
- Bachelor's degree and at least 2–4 years of relevant experience required
Key Responsibilities & Accountabilities
- Support CMMC compliance efforts within a government environment (25%)
- Affiliate with implementing NIST-based security frameworks and controls in a higher education setting (25%)
- Conduct risk assessments and audits to ensure compliance with security standards (25%)
- Develop and maintain compliance documentation and reporting (25%)