Senior GRC Analyst
ABM Industries · Georgia, United States · Yesterday
Business DevelopmentFull-time
Job Description Join a team with one shared mission - to make a difference, every person, every day. We are more than 100,000 team members strong, from all backgrounds and corners of the world, with the talent, experience and compassion that enables us to make an impact. For thousands of clients across the U.S. and in more than 20 global locations, ABM takes care of the people, spaces and places that matter most. We also take care of our team members —ensuring our company is a great place to work, and our communities are safer, healthier, and more sustainable places to be. Every team member at ABM has the opportunity to make a difference. Every day. And we cultivate a culture where our team members feel seen, heard, and valued and can grow a career and a future with us. ABM is currently seeking a highly motivated and detail-oriented Sr. GRC Analyst to support the organization’s Governance, Risk & Compliance program and ensure alignment with regulatory requirements and industry standards such as ISO 27001, CMMC, NIST, and NYDFS. The Sr. GRC Analyst will support enterprise risk assessments, evaluate control effectiveness, identify risk exposures and control gaps, track remediation efforts, and support cross-functional teams to maintain audit readiness and compliance across the IT and Information Security environment. Responsibilities Maintain governance documentation, perform risk assessments, and support framework alignment across ISO 27001/27002/27005, NIST, CMMC, NYDFS, NIS2, and other applicable standards. Lead coordination of regulatory and certification assessments (e.g., NYDFS, ISO 27001, CMMC), including risk assessments, Statement of Applicability (SoA) updates, scope management, evidence collection, validation of control documentation, and preparation of attestation support materials. Serve as a point of coordination for certification, regulatory, and audit-related activities across IT and Information Security stakeholders. Support continuous improvement of Governance, Risk & Compliance processes and documentation standards. Maintain accurate records of compliance activities, findings, and remediation status. Support cross-functional teams in maintaining audit readiness and regulatory compliance. Develop and report risk and compliance metrics to leadership and support remediation tracking activities. Perform other duties as assigned, including support of third-party risk management assessments and ongoing vendor monitoring activities, maintenance of risk registers, remediation tracking, and response to client or external cybersecurity requests. Qualifications Education: Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent relevant experience. Experience: 5+ years of experience in Governance, Risk & Compliance (GRC), IT Risk Management, Information Security, or IT Compliance within a regulated or enterprise environment. Experience supporting or coordinating regulatory and certification assessments (e.g., ISO 27001, CMMC, NYDFS, NIST). Experience maintaining risk registers, remediation tracking processes, and governance documentation. Experience coordinating audit evidence collection and supporting internal or external audit activities. Strong understanding of industry standards and frameworks, including ISO 27001/27002/27005, NIST, CMMC, and applicable regulatory requirements. Experience developing compliance metrics and reporting for leadership. Proficiency with GRC platforms and documentation management tools. Strong analytical, organizational, and documentation skills with attention to detail. Effective communication and interpersonal skills, with the ability to collaborate across technical and non-technical stakeholders. Proficiency with remote collaboration tools (e.g., MS Teams) and Microsoft 365 applications, including PowerPoint and Excel, for documentation, control tracking, and metrics reporting. Experience performing or supporting SOC 2 reviews is a plus. Experience supporting ISO certification lifecycle activities (surveillance, recertification, scope expansion). Experience responding to client or external cybersecurity questionnaires and compliance inquiries. Certifications: One or more of the following: CISA, CISM, CISSP, or CRISC. About Us ABM (NYSE: ABM) is one of the world’s largest providers of integrated facility, engineering, and infrastructure solutions. Every day, our over 100,000 team members deliver essential services that make spaces cleaner, safer, and efficient, enhancing the overall occupant experience. ABM serves a wide range of market sectors including commercial real estate, aviation, education, mission critical, and manufacturing and distribution. With over $8 billion in annual revenue and a blue-chip client base, ABM delivers innovative technologies and sustainable solutions that enhance facilities and empower clients to achieve their goals. Committed to creating smarter, more connected spaces, ABM is investing in the future to meet evolving challenges and build a healthier, thriving world. ABM: Driving possibility, together. ABM is an Equal Employment Opportunity (EEO) employer that does not discriminate on the basis of any trait or characteristic protected by applicable federal, state, or local law, including disability and protected veteran status. ABM is committed to working with and providing reasonable accommodation to individuals with disabilities. If you have a disability and need assistance in completing the employment application, please call 888-328-8606. We will provide you with assistance and make a determination on your request for reasonable accommodation on a case-by-case basis. ABM participates in the U.S. Department of Homeland Security E-Verify program. E-Verify is an internet-based system used to electronically confirm employment eligibility. ABM is a military-friendly company proudly employing thousands of men and women who have served in the U.S. military. With ABM, you’ll have access to a world-class training program and ample opportunities to use the skills you developed while serving our country. Whether you’re looking for a frontline or professional position, you can find post-military career opportunities across ABM. ABM directs all applicants to apply at www.abm.com/careers . ABM does not accept unsolicited resumes or submissions outside of this portal. Applicants should submit their application by clicking Apply Now. For more information, visit www.abm.com