Senior GRC Analyst
About the role
We are seeking a Sr. GRC Analyst, Risk Management to join our team. This role assumes ownership and maintenance of the Enterprise Risk Register, enforcing rigorous data integrity standards, and managing the risk lifecycle.
Responsibilities
- Owns and maintains the Enterprise Risk Register as the authoritative system of record for all identified risks across the Clayco organization.
- Enforces rigorous data integrity standards: no missing owners, undefined due dates, stale entries, or incomplete risk descriptions.
- Establishes and maintains a consistent process for risk creation, categorization, severity rating, and treatment classification to ensure comparability and defensibility of the data set.
- Applies qualitative risk analysis methodologies, including likelihood/impact matrices to produce accurate, prioritized risk ratings.
- Conducts regular audits of the risk register to surface stale, incomplete, or improperly rated entries and drive timely corrections with risk owners.
- Maintains comprehensive documentation for each risk, including: risk description, affected assets and systems, threat source, inherent risk rating, current controls, residual risk, treatment decision, assigned owner, and target remediation date.
- Manages the full risk lifecycle from intake through closure, including periodic re-evaluation of accepted risks to confirm continued acceptability.
- Serves as the primary coordinator and driver of risk remediation and mitigation activities, ensuring every open risk has an actionable, time-bound treatment plan with a clearly accountable owner.
- Collaborates with risk owners and technical teams to develop realistic remediation plans that define specific tasks, milestones, resource requirements, and completion criteria.
- Coordinates corrective and preventive actions (CAPA) arising from audit findings, control failures, and policy exceptions, tracking each to verified closure.
- Tracks and monitors remediation progress across all open items; proactively identify blockers, resource gaps, and at-risk milestones before they result in missed deadlines.
- Escalates risks with insufficient remediation progress, missed SLAs, or unacceptable residual risk levels to the GRC Manager and relevant leadership with supporting data and recommended courses of action.
- Collaborates cross-functionally with other Information Technology teams and Business Stakeholders across the Organization.
- Engages as necessary in all GRC functions to maintain an understanding of process and procedures.
- Provides leadership with comprehensive reports of compliance-focused activities and outcomes, as requested.
Requirements
- 5-7+ years’ experience in Risk & Compliance Assessment, Audit & Reporting, or similar functions, preferably within the Information Security or Technology fields.
- 3-4+ years working specifically in Information Security roles involving Risk Analysis, Information System Security Assessment, Compliance Audit with Regulations, Frameworks, & Standards.
- Bachelor's degree in Information Technology or related field, or equivalent experience.
- Required Certifications: Certified in Risk & Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), or Certified Information Systems Security Professional (CISSP) (Current status, or obtained within 9 months of assuming role).
- Strong experience leveraging auditing principles and methods to evaluate policies, processes, systems, and vendors to identify business risks and control gaps.
- Experience in administering Risk management programs for technology and information security.
- Strong, technical knowledge of modern Systems, Services, Cloud Applications/Platforms, Identity Services, and Data Storage/Handling and their areas of Risk and Threat exposure.
- Knowledge of statistics, reporting and analytical tools to analyze and solve complex problems.
- Proficiency in necessary productivity tools (i.e. Microsoft Excel, PowerPoint, Word etc.) for analytics and presentations.
- Operate with strong integrity with ability to handle projects of a sensitive & confidential nature.
- Excellent written and verbal communication skills with a proven ability to translate technical or abstract concepts into a narrative that is easily understood by clients.
- Ability to thrive in fast-paced environment.
Additional Information
No other builder can offer the collaborative design-build approach that Clayco does. We work on creative, complex, award-winning, high-profile jobs. The pace is fast!
This position is classified as a safety-sensitive role in accordance with applicable state and federal laws. Candidates selected for this position will be subject to a comprehensive background check, which includes mandatory drug testing.
Why Clayco?
- 2025 Best Places to Work – St. Louis Business Journal, Los Angeles Business Journal, and Phoenix Business Journal.
- 2025 ENR Top 400 – Top Data Center Contractor (Top 3).
- 2025 ENR Top 100 Design-Build Firms – Design-Build Contractor (Top 5).
- 2025 ENR Top 100 Green Contractors – Green Contractor (Top 3).
Benefits
- Discretionary Annual Bonus: Subject to company and individual performance.
- Comprehensive Benefits Package Including: Medical, dental and vision plans, 401k, generous PTO and paid company holidays, employee assistance program, flexible spending accounts, life insurance, disability coverage, learning & development programs and more!
Compensation
The salary range for this position considers a wide range of factors in making compensation decisions including but not limited to: Education, qualifications, skills, training, experience, certifications, internal equity, and location. Compensation decisions are dependent on the facts and circumstances of each case.