GRC Analyst

Avetta is a SaaS platform that connects leading organizations with qualified suppliers, contractors, and vendors. The GRC Analyst’s primary role is to support governance, risk, and compliance activities by performing control monitoring, risk assessments, and documentation updates.

Responsibilities

• Assist in maintaining security and compliance policies, standards, and procedures
• Support updates to documentation, control mappings, and compliance workflows
• Help prepare reports and dashboards for leadership or auditors
• Support enterprise and departmental risk assessment activities by gathering data, performing initial risk scoring, and documenting findings
• Track remediation items and follow up with stakeholders to ensure timely completion
• Maintain the risk register and ensure entries remain current and accurate
• Collect and organize audit evidence for SOC 2, ISO 27001, PCI, and other frameworks
• Conduct control testing and gap assessments under the guidance of senior team members
• Monitor control performance and document exceptions or potential issues
• Maintain and update GRC platforms (e.g., Vanta, Drata, Anecdotes, OneTrust)
• Help maintain the centralized control library and update mappings across multiple frameworks
• Assist teams in understanding control requirements and preparing evidence
• Perform security reviews and tracking of vendors, questionnaire analysis, and documentation
• Assist in developing or distributing compliance training materials and reminders
• Help ensure employees complete required annual training

Skills

• Bachelor's degree in Information Security, Business, Risk Management, or related field (or equivalent practical experience)
• 1–3 years of experience in compliance, IT audit, cybersecurity operations, risk management, or a similar field
• Basic understanding of security controls, audit principles, and risk management concepts
• Familiarity with cloud technologies (AWS, Azure, GCP) and SaaS environments
• Ability to review evidence, evaluate control performance, and document findings clearly
• Strong attention to detail and organizational skills
• Good communication skills and ability to collaborate with cross-functional teams
• Ability to manage multiple tasks and maintain accuracy under deadlines
• Analytical mindset with a willingness to learn and improve processes
• Exposure to common compliance frameworks such as SOC 2, ISO 27001, NIST CSF, SOX, HIPAA, or PCI (hands-on experience is preferred)
• Experience with GRC tools and ticketing systems is a plus

Benefits

• Health, Dental, and Vision Insurance
• 401(k)
• Paid Time Off

Company Overview

Company H1B Sponsorship