GRC Analyst

The Cyber Security Analyst will actively participate in developing, implementing, and maintaining cybersecurity policies, procedures, and standards. The Analyst will perform risk assessments, audits, and compliance reviews; maintain documentation; and assist with information security controls—particularly penetration testing, disaster recovery, and incident response.

**This is a 5 month contract with potential extensions and requires 3 days a week onsite in Downtown Washington DC. This role is also available in Boston or New York City. We will not consider candidates for relocation.**

• • Complete client-provided security questionnaires by drawing on established firm precedent and prior responses to ensure accuracy, consistency, and efficiency; maintain organized records of submissions for future reference.
• • Organize and deliver compliance training and awareness initiatives; monitor participation and results; report to leadership and support follow-up for non-compliance.
• • Assist in monitoring and enforcing compliance with cybersecurity governance frameworks (e.g., ISO 27001, ISO 42001, NIST) and organizational policies; support audits and assessments.
• • Document and track compliance activities (risk assessments, policy reviews, audit evidence); participate in training and awareness programs to promote compliance culture.
• • Support the ongoing improvement of cybersecurity governance processes; provide feedback and assist with policy updates to ensure alignment with legal and regulatory requirements.
• • Support the use and implementation of AI and machine learning tools for compliance gap identification, risk assessments, and GRC monitoring; collaborate on AI-driven solutions for policy violation detection and compliance reporting.
• • 2–5 years or more supporting information security in large, complex environments with significant log analysis responsibilities; or equivalent combination of education and experience.

REQUIRED SKILLS AND EXPERIENCE

• • Strong understanding of cybersecurity frameworks and regulatory compliance (ISO 27001, NIST), with the ability to apply these to organizational policies.
• • Bachelor’s degree in computer science, information security, or related field; or equivalent work experience.