Senior GRC Analyst - 26157 Bangalore, India
Energy Acuity · Denver, CO · 1 wk ago
Business DevelopmentFull-time
Performance Objectives
- Carry out enterprise and third-party risk assessments aligned with ISO 27001 and NIST frameworks.
- Maintain the enterprise risk register, ensuring clear ownership and timely remediation tracking.
- Support internal and external audits, including evidence collection and remediation management.
- Develop and maintain GRC policies and controls in line with SOC 2 and ISO requirements.
- Build risk reporting dashboards and communicate insights to leadership stakeholders.
- Collaborate with Engineering, Legal, and IT teams to embed risk management into operations.
- Evaluate and implement GRC tools and automation to improve scalability and efficiency.
- Apply AI-enabled solutions to enhance GRC workflows, including reporting, control testing, and vendor assessments.
Candidate Profile
- 3–5 years of experience in GRC, information security risk management, or IT audit.
- Strong knowledge of SOC 2, ISO 27001, and NIST frameworks.
- Hands-on experience with risk assessments, risk registers, and third-party risk management.
- Ability to analyze security artefacts (e.g. SOC reports, vulnerability data) and translate findings into business insights.
- Experience supporting audits and managing compliance documentation.
- Strong communication skills with the ability to simplify technical concepts for non-technical stakeholders.
- Proactive, self-driven, and comfortable working across cross-functional teams.
- Experience with AI tools or automation in GRC workflows is a strong advantage.
- Bachelor’s degree in a related field; relevant certifications (e.g. CISA, CRISC, ISO 27001) are a plus.