GRC Analyst

This role is for a GRC Analyst, contract to hire, 100% remote, working Central Time Zone hours. Requires 2-8 years in GRC programs, knowledge of PCI DSS, ISO27001, and strong communication skills. Must work in the USA without sponsorship.
🌎 - Country
United States
💱 - Currency
$ USD
💰 - Day rate
Unknown
🗓️ - Date discovered
April 26, 2025
🕒 - Project duration
Unknown
🏝️ - Location type
Remote
📄 - Contract type
Unknown
🔒 - Security clearance
Unknown
📍 - Location detailed
United States
🧠 - Skills detailed
#PCI (Payment Card Industry) #Automation #Cybersecurity #Data Mapping #Compliance #Data Security #Security #Risk Analysis
Role description
• Must be able to work in USA without sponsorship

GTN is looking for GRC Analysts for contract to hire roles. These are 100% remote positions, but you will be working Central Time Zone hours primarily.

The Governance, Risk, Compliance (GRC) Analyst will assist in implementing policies, procedures, and standards to govern the protection of corporate information systems, networks, data, and 3rd party services. The analyst will stay up to date on the latest cybersecurity intelligence while managing privacy workflows to ensure the company meets regulatory compliance.

What You’ll Do:
• Assist in the implementation of the Cybersecurity GRC program using industry standard frameworks that align to regulatory requirements and business objectives.
• Perform risk analysis for systems, processes, third-party tools/applications, and configurations.
• Assist in improving security posture through process, policy, automation, and the continuous advancement of capabilities.
• Document business ownership and responsibilities of the controls using the company’s GRC tool.
• Schedule and perform regular assessments (internal and external) to test effectiveness of controls.
• Investigate (internal and external) information security risk and exceptions assessments.
• Assist in managing Payment Card Industry Data Security Standards (PCI DSS) audits.
• Manage security training and phishing campaigns to mitigate social engineering attacks.
• Monitor security incident management program to ensure effectiveness.
• Assess incidents, vulnerability/patching status, secure baselines, and penetration test results.
• Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.

Who You Are:
• 2 – 8 years’ experience in GRC Programs (i.e., Third-Party Risk Management, Risk Profile, Privacy Data Mapping, PCI – DSS, etc.).
• Understanding of IT policies, laws, standards, and frameworks applicable to the specific technical role e.g., PCI DSS, ISO27001/2, SOC reports and NIST CSF.
• Experience maintaining corporate policies.
• Experience testing or auditing technical controls.
• Critical thinker, creative problem solver and a strong desire to learn.
• Strong oral and written communication skills.