... Assist GRC and Information Security management with ISMS continuous operation, monitoring, and improvement of the Information Security Management System (ISMS) by organizing and executing annual ...
... Assist GRC and Information Security management with ISMS continuous operation, monitoring, and improvement of the Information Security Management System (ISMS) by organizing and executing annual ...
Cybersecurity GRC Engineer
Draper, UT ยท On-site
Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...
Cybersecurity GRC Engineer
Draper, UT ยท On-site
Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...
Cybersecurity GRC Engineer
Draper, UT ยท On-site
Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...
Cybersecurity GRC Engineer
Draper, UT ยท On-site
Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...
Cybersecurity GRC Engineer
Draper, UT ยท On-site
Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...
Cybersecurity GRC Engineer
Draper, UT ยท On-site
Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...
GRC Engineer
Redmond, WA ยท On-site
Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...
GRC Engineer
Redmond, WA ยท On-site
Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...
GRC Engineer
Redmond, WA ยท On-site
... Assist in ensuring compliance with applicable regulations, standards, and frameworks (e.g., NIST CSF, PCI DSS, J-SOX, etc.) Contribute to the development, review, and maintenance of information ...
GRC Engineer
Redmond, WA ยท On-site
... Assist in ensuring compliance with applicable regulations, standards, and frameworks (e.g., NIST CSF, PCI DSS, J-SOX, etc.) Contribute to the development, review, and maintenance of information ...
Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...
Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...
GRC Engineer
Redmond, WA ยท On-site
Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...
GRC Engineer
Redmond, WA ยท On-site
Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...
ServiceNow GRC Administrator
Tallahassee, FL ยท On-site
ServiceNow GRC Administrator The customer is seeking qualified candidates who will assist the Office of Information Technology in their daily operations, support, and services. The Department may ...
ServiceNow GRC Administrator
Tallahassee, FL ยท On-site
ServiceNow GRC Administrator The customer is seeking qualified candidates who will assist the Office of Information Technology in their daily operations, support, and services. The Department may ...
ServiceNow GRC Administrator
Tallahassee, FL ยท On-site
ServiceNow GRC Administrator The customer is seeking qualified candidates who will assist the Office of Information Technology in their daily operations, support, and services. The Department may ...
ServiceNow GRC Administrator
Tallahassee, FL ยท On-site
ServiceNow GRC Administrator The customer is seeking qualified candidates who will assist the Office of Information Technology in their daily operations, support, and services. The Department may ...
SAP GRC Consultant
Portland, OR ยท On-site
Represent SAP Security and GRC considerations in department and company-wide projects to ensure security needs are satisfied * Assist with GRC configuration and use GRC tools in the creation and ...
SAP GRC Consultant
Portland, OR ยท On-site
Represent SAP Security and GRC considerations in department and company-wide projects to ensure security needs are satisfied * Assist with GRC configuration and use GRC tools in the creation and ...
ServiceNow GRC Administrator
Tallahassee, FL ยท On-site
Scope of Services The customer is seeking qualified candidates who will assist the Office of ... Manage GRC integrations with third-party tools and internal systems. * Administer user roles ...
ServiceNow GRC Administrator
Tallahassee, FL ยท On-site
Scope of Services The customer is seeking qualified candidates who will assist the Office of ... Manage GRC integrations with third-party tools and internal systems. * Administer user roles ...
ServiceNow GRC Administrator
Tallahassee, FL ยท On-site
Scope of Services The customer is seeking qualified candidates who will assist the Office of ... Manage GRC integrations with third-party tools and internal systems. * Administer user roles ...
ServiceNow GRC Administrator
Tallahassee, FL ยท On-site
Scope of Services The customer is seeking qualified candidates who will assist the Office of ... Manage GRC integrations with third-party tools and internal systems. * Administer user roles ...
Manage 3rd party/vendor risk management assessments * Assist sales and operations functions by ... Participate in GRC processes such as risk assessment, policy management, and audits * Participate ...
New
Manage 3rd party/vendor risk management assessments * Assist sales and operations functions by ... Participate in GRC processes such as risk assessment, policy management, and audits * Participate ...
New
REQUIRED SAP GRC Modules * ARA (access risk analysis) * EAM (Emergency Access Module) WORK ... May assist in the development of business cases to help prioritize opportunities and champion ...
REQUIRED SAP GRC Modules * ARA (access risk analysis) * EAM (Emergency Access Module) WORK ... May assist in the development of business cases to help prioritize opportunities and champion ...
Security GRC Analyst
Campbell, CA ยท On-site
Support GRC capabilities, such as enterprise security risk management, compliance and audit ... Assist in managing security compliance programs and activities that support various compliance ...
Security GRC Analyst
Campbell, CA ยท On-site
Support GRC capabilities, such as enterprise security risk management, compliance and audit ... Assist in managing security compliance programs and activities that support various compliance ...
Senior Analyst, Cybersecurity GRC
Chicago, IL ยท On-site
$103K - $132K/yr
... - Assist in further defining the process for completing information security control assessments ... Senior Analyst, Cybersecurity GRC Qualifications: - Bachelor's degree (required) and at least 5 ...
Senior Analyst, Cybersecurity GRC
Chicago, IL ยท On-site
$103K - $132K/yr
... - Assist in further defining the process for completing information security control assessments ... Senior Analyst, Cybersecurity GRC Qualifications: - Bachelor's degree (required) and at least 5 ...
Manager, Cybersecurity GRC, Global
$114K - $154K/yr
Support development and delivery of GRC metrics, KPIs, and dashboards; assist in reporting compliance posture and risk exposure to leadership * Assist in ensuring adherence to regulatory and customer ...
Manager, Cybersecurity GRC, Global
$114K - $154K/yr
Support development and delivery of GRC metrics, KPIs, and dashboards; assist in reporting compliance posture and risk exposure to leadership * Assist in ensuring adherence to regulatory and customer ...
Cyber GRC Analyst
Austin, TX ยท Hybrid
$80K - $110K/yr
As a GRC analyst your roles will support and maintain the Realtor.com Cyber GRC Program along with ... Assist in the risk assessment process and report on enterprise-wide and third-party security ...
Cyber GRC Analyst
Austin, TX ยท Hybrid
$80K - $110K/yr
As a GRC analyst your roles will support and maintain the Realtor.com Cyber GRC Program along with ... Assist in the risk assessment process and report on enterprise-wide and third-party security ...
Senior GRC Analyst
Atlanta, GA ยท On-site +1
Security Training Program: * Assist with the administration and continuous improvement of the ... Experience working with GRC platforms and tooling to manage compliance activities, risk registers ...
Senior GRC Analyst
Atlanta, GA ยท On-site +1
Security Training Program: * Assist with the administration and continuous improvement of the ... Experience working with GRC platforms and tooling to manage compliance activities, risk registers ...
Assistant Grc information
Can a GRC analyst work from home?
Is GRC in high demand?
Is GRC an entry level job?
What is the difference between Assistant Grc vs Compliance Analyst?
| Aspect | Assistant Grc | Compliance Analyst |
|---|---|---|
| Credentials | Certifications like CISA, CRISC often preferred | Certifications such as CCEP, CISA common |
| Work Environment | Corporate, financial, or consulting firms | Regulatory agencies, corporations, consulting firms |
| Employer & Industry | Financial services, banking, consulting | Financial institutions, healthcare, government |
| Search & Comparison Intent | Understanding roles in GRC frameworks | Regulatory compliance responsibilities |
The Assistant Grc and Compliance Analyst roles share overlapping skills in risk management and regulatory knowledge. However, Assistant Grc typically supports GRC programs within organizations, focusing on risk assessments and policy implementation. Compliance Analysts primarily ensure adherence to laws and regulations, often conducting audits and reporting. Both roles are vital in governance, risk, and compliance functions but differ in scope and focus.
Is GRC a good career path?

GRC Information Security Systems Analyst (Minneapolis, MN) (#4073)
Minneapolis, MN โข On-site
Full-time
Posted 22 days ago
Job description
Dorsey & Whitney LLP is a global law firm with a focus on providing strategic legal counsel across various industries. They are seeking a GRC Information Security Systems Analyst to enhance their Information Security team by driving security initiatives related to audits, risk, governance, and compliance, while collaborating with stakeholders to ensure compliance with various standards.
Responsibilities:
โข Support Information Security Systems Manager with the maintenance of Information Security documentation, supporting changes in the organization, technology, or threat landscape.
โข Provide Information Security Program reporting related to metrics and dashboards for various Dorsey committees as requested by Information Security Systems Manager.
โข Create and oversee the distribution of Bimonthly Information Security communications released Firm wide.
โข Collaborate with Firm and Information Services process owners and stakeholders, internal and external assessors and auditors to execute and review risk assessments, internal and external surveillance audits resulting in the recertification (e.g., ISO 27001, GDPR). Document audit findings, remediation action plans and audit report responses.
โข Consult with Information Services teams, Dorsey Business Teams and advise on Compliance requirements, and Information Security Standards and Controls.
โข Collaborate with Information Services team stakeholders to implement processes that automate and continuously monitor Compliance-related, Information Security Standard controls, and approved exceptions.
โข Assist GRC and Information Security management with ISMS continuous operation, monitoring, and improvement of the Information Security Management System (ISMS) by organizing and executing annual internal audits and management reviews.
โข Maintain Compliance-related documentation, including policies, procedures, Statement of Applicability, are current and reflect any changes in the organization, technology, or threat landscape.
โข Complete Client-generated pre- and post-contract security controls and risk review assessment, audits, in support of Dorsey client requests.
โข Review and provide security input into Client RFP Responses. Support Marketing and Business Development teams with RFP response requests as they pertain to Information Security information.
โข Perform Dorsey-requested pre-contract security controls and risk review of technology, software, and services.
โข Maintain Dorsey SIG Questionnaire and ndMax AI chatbot, collaborating with key Information Services stakeholders for its currency.
โข Assist the Information Security Systems Manager with project-based risk assessments, interviewing, collecting data, and documenting risk. May be asked to present risk assessment results to Head of Cybersecurity and CIO for discussion and drive decision-making. Document risk decision in risk register if necessary.
โข Maintain Firm Technology Risk Register, provide reporting and coordinate meetings with Information Services Leadership to discuss open risk items and remediation actions.
โข Support the Information Security Systems Manager in the creation of an annual Firm-wide Annual Security Awareness Training Program, Human Risk Initiative, with Phish Simulation Testing.
โข Support the delivery of a focused 8-week training program for currently hired business professionals, New Hired business professionals training.
โข Support the delivery of multi-month, Firm-wide Phish Simulation Testing.
โข Prepare Human Risk reporting and update Human Risk Calculations and additional training assigned by the Information Security Systems Manager.
โข Execute the project-based enhancement of RBAC, Rights, Permissions, Groups, and Entitlement Definition and Clean-Up for Privileged Accounts (PIM), Service Accounts, and User Accounts, this position will support the ongoing Identity & Authorization Services Compliance Oversight process.
โข Execute post-project oversight process will validate the defined, repeatable process being followed to ensure all user, privileged users, and service accounts maintain security to reduce risk of unauthorized access.
โข Execute oversight process to ensure assurance is validated, repeatable processes are being followed to ensure all human and nonhuman accounts maintain security that reduce risk of unauthorized access and shrink attack surfaces.
โข Perform the quarterly NetDocuments access review as assigned.
โข Support the DLP Program Execution and Oversight to ensure the DLP controls meet Client, ISO, Information Governance, and Regulatory requirements.
โข May perform other duties not listed above.
Qualifications:
Required:
โข Bachelor's Degree or equivalent in Business, Computer Science or equivalent experience.
โข At least 3-5 years (preferred 5-7 years) of demonstrated experience across three of the following: Implementing or maintaining an Information Security Management System (ISMS) aligned to one or more of the following compliance frameworks: ISO 27001:2013, ISO 27001:2022, SOC2, GDPR, NIST Cybersecurity Framework (CSF), or NIST 800-53.
โข Implementing or maintaining information security policies, standards, controls, guidelines, and procedures in one or more of the following compliance frameworks: ISO 27001:2013, ISO 27001:2022, SOC2, GDPR, NIST Cybersecurity Framework (CSF), or NIST 800-53.
โข Client-request assessment, audit experience and IT/Security technology, software security risk assessment reviews.
โข Similar technology/information security focused experience with minimum of 3 years' experience with at least two of the following: Compliance function, Information security risk and risk frameworks, IT/security governance, and audit, Security awareness training programs.
โข At least 3-5 years (preferred 5-7 years) of experience with: Successful planning, preparing, and delivery of audit (re)certification, authorization of in-scope technology asset compliance environments and boundaries.
โข Performing client security risk assessments, RFP Cybersecurity responses, driving Third-Party Vendor Technology and Service Security Risk Assessments and ongoing Monitoring.
โข Hands-on experience defining, implementing, and maintaining annual information security training program.
โข At least 2-3 years of handsโon experience driving IAM enhancements using automation and tooling across hybrid AD/Entra environments, including group and role analysis, AD permission cleanup, RBAC design and implementation, leastโprivilege enforcement, privileged access reduction, and integration of IAM with HR and IT lifecycle workflows.
โข At least 2โ3 years of handsโon experience executing Data Loss Prevention (DLP) enhancement initiatives, including defining data in scope, implementing data classification and tagging, developing and deploying DLP policies and alerting requirements, performing initial analysis of data flows and risks, and partnering with SOC, IT, and business teams to ensure ongoing compliance and control effectiveness.
โข Excellent written and verbal communication skills; demonstrated experience, communicating and collaborating effectively across business and technology areas.
โข Ability to work independently, excellent organizational and management skills.
โข Ability to manage and prioritize multiple tasks and adapt to needed changes.
โข Knowledge of on-premises and MSFT Azure, M365 Tenant-based technologies and cloud infrastructure platforms (e.g., Microsoft Azure, Microsoft 365, Microsoft AD & Entra, Microsoft Purview, OneDrive, TEAMS, Sentinel, Microsoft Defender, Exchange Online, Exchange On-Prem, Zoom, Jabber, Document Management Systems, SSO, OAuth) and SaaS-based application frameworks to evaluate key information security requirements, controls, risk areas.
Preferred:
โข At least one certification such as CISSP, CISM, and/or CISA.
โข At least 5-7 years' Governance, Risk, and Compliance experiences, listed above.
โข Prior Legal or Professional Services experience.
โข Informed on information security industry standards and best practices.
Company:
Clients have relied on the international law firm of Dorsey & Whitney LLP since 1912 as a trusted legal advisor and valued business partner. Founded in 1912, the company is headquartered in Minneapolis, USA, with a team of 1001-5000 employees. The company is currently Late Stage.
About Dorsey & Whitney
Sourced by ZipRecruiter
Industry
Law firms
Company size
10,000+ Employees
Headquarters location
Minneapolis, MN, US
Year founded
1912