Jobs · Information Technology · Texas

Lead GRC Analyst (IT/Security)

QUANTUM GLOBAL TECHNOLOGIES, LLC · Manor, TX · 1 wk ago
Information TechnologyFull-time

Role Overview

The UCT GRC Specialist supports the design, execution, and maturity of UCT’s IT governance, risk, and compliance program. This role is responsible for coordinating IT risk management activities, supporting control design and testing, maintaining audit-ready evidence, and partnering with IT, Security, Legal, Finance, HR, Operations, and business stakeholders to embed compliance into day-to-day processes.

Risk Register Stewardship

  • Establish, maintain, and mature the Enterprise IT Risk Register, including risk identification, categorization, likelihood and impact scoring, ownership assignment, risk response, and status tracking.
  • Partner with risk owners to develop and monitor risk treatment plans, track remediation progress, and escalate high or critical risks when timelines, ownership, or mitigation plans require leadership attention.
  • Develop and present risk dashboards, compliance metrics, and executive-ready reports that provide leadership with a clear view of UCT’s IT risk environment, control gaps, remediation status, and program maturity.

Compliance Automation, Reporting & Continuous Improvement

  • Administer, optimize, and support GRC and compliance automation platforms to improve workflow efficiency, reduce manual effort, and strengthen reporting consistency.
  • Develop and maintain compliance metrics, dashboards, process trackers, and executive reports to communicate program status, control performance, audit readiness, and remediation progress.
  • Identify opportunities to streamline recurring compliance activities, standardize evidence collection, automate reminders, and improve stakeholder visibility into open tasks and deadlines.

Third-Party Risk Management & Vendor Governance

  • Evaluate vendor security posture in coordination with technical subject matter experts and document risks, compensating controls, remediation commitments, and risk acceptance decisions where applicable.
  • Maintain vendor risk records and support reporting on third-party risk themes, overdue remediation items, and exceptions that require management awareness.
  • Support the vendor and cloud service provider risk review process, including intake, security questionnaire review, SOC 2 report review, architecture and access considerations, contract support, risk documentation, and stakeholder follow-up.

Policy, SOP & Governance

  • Draft, maintain, and periodically review IT policies, standards, procedures, and control documentation to ensure alignment with regulatory requirements, internal governance expectations, and operational practices.
  • Manage the policy and SOP lifecycle, including drafting, stakeholder review, approval routing, publication, periodic recertification, and evidence-based validation of operating procedures.
  • Develop training materials, playbooks, and self-service resources that help IT and business teams understand compliance expectations and meet requirements efficiently.

Control Testing, Evidence Collection & Audit Readiness

  • Lead or support control design walkthroughs and tests of operating effectiveness, including evidence collection, effectiveness validation, exception identification, remediation tracking, and continuous improvement.
  • Prepare and support control owners and process owners for internal and external audits by reviewing people, processes, technologies, key configurations, and supporting evidence for completeness and audit readiness.
  • Build and maintain a centralized evidence repository to ensure change control records, access reviews, control attestations, remediation artifacts, and other compliance documentation are organized, current, and available for audit requests.
  • Cook up audit evidence requests across IT and business teams, track completion against defined timelines, and communicate status, blockers, and escalation needs to stakeholders.

Access Governance & User Access Reviews

  • Define, maintain, and support the schedule and standards for periodic user access reviews of SOX-relevant and mission-critical systems.
  • Validate completed access reviews against least privilege, segregation of duties, and business need requirements; document findings, exceptions, and evidence of review completion.
  • Track remediation of excessive, inappropriate, or stale access identified during reviews and support reporting to control owners, system owners, and leadership.

Cross-Functional Collaboration & Program Support

  • Partner with IT, Security, Engineering, Product, Legal, HR, Finance, Operations, and business stakeholders to integrate compliance requirements into processes, technology changes, vendor decisions, and operational practices.
  • Communicate effectively with technical and non-technical stakeholders on IT risk, control design, remediation expectations, audit requests, and program reporting.
  • Manage multiple GRC initiatives simultaneously while keeping stakeholders informed, maintaining schedules, tracking deliverables, and escalating risks to timely completion.

Program Leadership Scope

  • Help establish scalable GRC policy, methodology, documentation, and reporting standards as the function grows.
  • Represent GRC in cross-functional governance discussions and advise stakeholders on risk-based prioritization, control expectations, and remediation planning.
  • Provide technical direction, knowledge sharing, and mentoring support to additional GRC team members as the function expands.

Similar jobs

IT GRC Lead Analyst

Westfield InsuranceWestfield Center, OH· 2 wk ago
Information Technology$10/hrapply on fa-exdv-saasfaprod1.fa.ocs.oraclecloud.com

Security Analyst (GRC)

MachinifyUnited States· 2 wk ago
RemoteInformation Technology$70k–$95k/yrapply on job-boards.greenhouse.io

Security GRC Analyst

Citadel Credit UnionExton, PA· 1 mo ago
Information Technologyapply on recruiting.ultipro.com

Lead GRC Analyst

Robert HalfMinneapolis, MN· 1 wk ago
RemoteBusiness Developmentapply on roberthalf.com

Cybersecurity GRC Analyst

Western National InsuranceEdina, MN· 1 wk ago
Information Technology$66k–$114k/yrapply on recruiting.paylocity.com