1

Assistant Grc Jobs (NOW HIRING)

Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...

Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...

Identify control gaps, document risks, and assist in developing remediation plans * Maintain and ... Develop and maintain GRC metrics, dashboards, and reporting artifacts * Track key risk indicators ...

Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...

... Assist in ensuring compliance with applicable regulations, standards, and frameworks (e.g., NIST CSF, PCI DSS, J-SOX, etc.) Contribute to the development, review, and maintenance of information ...

Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...

Support the development and maintenance of risk registers and risk treatment plans * Assist in ... Integrate GRC workflows with internal systems (e.g., ticketing, asset management, identity, cloud ...

ServiceNow GRC Administrator The customer is seeking qualified candidates who will assist the Office of Information Technology in their daily operations, support, and services. The Department may ...

Scope of Services The customer is seeking qualified candidates who will assist the Office of ... Manage GRC integrations with third-party tools and internal systems. * Administer user roles ...

Manage 3rd party/vendor risk management assessments * Assist sales and operations functions by ... Participate in GRC processes such as risk assessment, policy management, and audits * Participate ...

New

REQUIRED SAP GRC Modules * ARA (access risk analysis) * EAM (Emergency Access Module) WORK ... May assist in the development of business cases to help prioritize opportunities and champion ...

Senior Analyst, Cybersecurity GRC

Chicago, IL ยท On-site

$103K - $132K/yr

... - Assist in further defining the process for completing information security control assessments ... Senior Analyst, Cybersecurity GRC Qualifications: - Bachelor's degree (required) and at least 5 ...

Cyber GRC Analyst

Austin, TX ยท Hybrid

$80K - $110K/yr

As a GRC analyst your roles will support and maintain the Realtor.com Cyber GRC Program along with ... Assist in the risk assessment process and report on enterprise-wide and third-party security ...

Security Training Program: * Assist with the administration and continuous improvement of the ... Experience working with GRC platforms and tooling to manage compliance activities, risk registers ...

next page

Showing results 1-20

Assistant Grc information

Can a GRC analyst work from home?

Yes, many GRC (Governance, Risk, and Compliance) analysts can work from home, especially if their role involves tasks like policy review, risk assessment, and compliance monitoring that can be performed remotely using security tools and collaboration platforms. However, some positions may require on-site presence for audits, meetings, or access to physical systems.

Is GRC in high demand?

GRC (Governance, Risk, and Compliance) roles, including positions like Assistant GRC, are in increasing demand as organizations prioritize regulatory compliance and risk management. Professionals with knowledge of frameworks such as ISO, NIST, or GDPR, and certifications like CISA or CRISC, are especially sought after in various industries.

Is GRC an entry level job?

An Assistant GRC (Governance, Risk, and Compliance) role is often considered entry-level, suitable for candidates with a basic understanding of cybersecurity, compliance standards, and risk management. However, some positions may require prior experience or certifications such as CISA or CISSP, depending on the company's requirements.

What is the difference between Assistant Grc vs Compliance Analyst?

AspectAssistant GrcCompliance Analyst
CredentialsCertifications like CISA, CRISC often preferredCertifications such as CCEP, CISA common
Work EnvironmentCorporate, financial, or consulting firmsRegulatory agencies, corporations, consulting firms
Employer & IndustryFinancial services, banking, consultingFinancial institutions, healthcare, government
Search & Comparison IntentUnderstanding roles in GRC frameworksRegulatory compliance responsibilities

The Assistant Grc and Compliance Analyst roles share overlapping skills in risk management and regulatory knowledge. However, Assistant Grc typically supports GRC programs within organizations, focusing on risk assessments and policy implementation. Compliance Analysts primarily ensure adherence to laws and regulations, often conducting audits and reporting. Both roles are vital in governance, risk, and compliance functions but differ in scope and focus.

Is GRC a good career path?

A career as an Assistant GRC (Governance, Risk, and Compliance) professional is considered stable and in demand due to increasing regulatory requirements and cybersecurity concerns. It often requires knowledge of compliance frameworks, risk management, and security tools, with opportunities for certification and advancement in various industries.
More about Assistant Grc jobs
What cities are hiring for Assistant Grc jobs? Cities with the most Assistant Grc job openings:
What are the most commonly searched types of Grc jobs? The most popular types of Grc jobs are:
What states have the most Assistant Grc jobs? States with the most job openings for Assistant Grc jobs include:
Infographic showing various Assistant Grc job openings in the United States as of July 2026, with employment types broken down into 1% As Needed, 75% Full Time, 21% Part Time, 1% Temporary, and 2% Contract. Highlights an 99% Physical, and 1% Remote job distribution.
GRC Information Security Systems Analyst (Minneapolis, MN) (#4073)

GRC Information Security Systems Analyst (Minneapolis, MN) (#4073)

Dorsey & Whitney LLP

Minneapolis, MN โ€ข On-site

Full-time

Posted 22 days ago


Job description

Job Summary:
Dorsey & Whitney LLP is a global law firm with a focus on providing strategic legal counsel across various industries. They are seeking a GRC Information Security Systems Analyst to enhance their Information Security team by driving security initiatives related to audits, risk, governance, and compliance, while collaborating with stakeholders to ensure compliance with various standards.
Responsibilities:
โ€ข Support Information Security Systems Manager with the maintenance of Information Security documentation, supporting changes in the organization, technology, or threat landscape.
โ€ข Provide Information Security Program reporting related to metrics and dashboards for various Dorsey committees as requested by Information Security Systems Manager.
โ€ข Create and oversee the distribution of Bimonthly Information Security communications released Firm wide.
โ€ข Collaborate with Firm and Information Services process owners and stakeholders, internal and external assessors and auditors to execute and review risk assessments, internal and external surveillance audits resulting in the recertification (e.g., ISO 27001, GDPR). Document audit findings, remediation action plans and audit report responses.
โ€ข Consult with Information Services teams, Dorsey Business Teams and advise on Compliance requirements, and Information Security Standards and Controls.
โ€ข Collaborate with Information Services team stakeholders to implement processes that automate and continuously monitor Compliance-related, Information Security Standard controls, and approved exceptions.
โ€ข Assist GRC and Information Security management with ISMS continuous operation, monitoring, and improvement of the Information Security Management System (ISMS) by organizing and executing annual internal audits and management reviews.
โ€ข Maintain Compliance-related documentation, including policies, procedures, Statement of Applicability, are current and reflect any changes in the organization, technology, or threat landscape.
โ€ข Complete Client-generated pre- and post-contract security controls and risk review assessment, audits, in support of Dorsey client requests.
โ€ข Review and provide security input into Client RFP Responses. Support Marketing and Business Development teams with RFP response requests as they pertain to Information Security information.
โ€ข Perform Dorsey-requested pre-contract security controls and risk review of technology, software, and services.
โ€ข Maintain Dorsey SIG Questionnaire and ndMax AI chatbot, collaborating with key Information Services stakeholders for its currency.
โ€ข Assist the Information Security Systems Manager with project-based risk assessments, interviewing, collecting data, and documenting risk. May be asked to present risk assessment results to Head of Cybersecurity and CIO for discussion and drive decision-making. Document risk decision in risk register if necessary.
โ€ข Maintain Firm Technology Risk Register, provide reporting and coordinate meetings with Information Services Leadership to discuss open risk items and remediation actions.
โ€ข Support the Information Security Systems Manager in the creation of an annual Firm-wide Annual Security Awareness Training Program, Human Risk Initiative, with Phish Simulation Testing.
โ€ข Support the delivery of a focused 8-week training program for currently hired business professionals, New Hired business professionals training.
โ€ข Support the delivery of multi-month, Firm-wide Phish Simulation Testing.
โ€ข Prepare Human Risk reporting and update Human Risk Calculations and additional training assigned by the Information Security Systems Manager.
โ€ข Execute the project-based enhancement of RBAC, Rights, Permissions, Groups, and Entitlement Definition and Clean-Up for Privileged Accounts (PIM), Service Accounts, and User Accounts, this position will support the ongoing Identity & Authorization Services Compliance Oversight process.
โ€ข Execute post-project oversight process will validate the defined, repeatable process being followed to ensure all user, privileged users, and service accounts maintain security to reduce risk of unauthorized access.
โ€ข Execute oversight process to ensure assurance is validated, repeatable processes are being followed to ensure all human and nonhuman accounts maintain security that reduce risk of unauthorized access and shrink attack surfaces.
โ€ข Perform the quarterly NetDocuments access review as assigned.
โ€ข Support the DLP Program Execution and Oversight to ensure the DLP controls meet Client, ISO, Information Governance, and Regulatory requirements.
โ€ข May perform other duties not listed above.
Qualifications:
Required:
โ€ข Bachelor's Degree or equivalent in Business, Computer Science or equivalent experience.
โ€ข At least 3-5 years (preferred 5-7 years) of demonstrated experience across three of the following: Implementing or maintaining an Information Security Management System (ISMS) aligned to one or more of the following compliance frameworks: ISO 27001:2013, ISO 27001:2022, SOC2, GDPR, NIST Cybersecurity Framework (CSF), or NIST 800-53.
โ€ข Implementing or maintaining information security policies, standards, controls, guidelines, and procedures in one or more of the following compliance frameworks: ISO 27001:2013, ISO 27001:2022, SOC2, GDPR, NIST Cybersecurity Framework (CSF), or NIST 800-53.
โ€ข Client-request assessment, audit experience and IT/Security technology, software security risk assessment reviews.
โ€ข Similar technology/information security focused experience with minimum of 3 years' experience with at least two of the following: Compliance function, Information security risk and risk frameworks, IT/security governance, and audit, Security awareness training programs.
โ€ข At least 3-5 years (preferred 5-7 years) of experience with: Successful planning, preparing, and delivery of audit (re)certification, authorization of in-scope technology asset compliance environments and boundaries.
โ€ข Performing client security risk assessments, RFP Cybersecurity responses, driving Third-Party Vendor Technology and Service Security Risk Assessments and ongoing Monitoring.
โ€ข Hands-on experience defining, implementing, and maintaining annual information security training program.
โ€ข At least 2-3 years of handsโ€‘on experience driving IAM enhancements using automation and tooling across hybrid AD/Entra environments, including group and role analysis, AD permission cleanup, RBAC design and implementation, leastโ€‘privilege enforcement, privileged access reduction, and integration of IAM with HR and IT lifecycle workflows.
โ€ข At least 2โ€“3 years of handsโ€‘on experience executing Data Loss Prevention (DLP) enhancement initiatives, including defining data in scope, implementing data classification and tagging, developing and deploying DLP policies and alerting requirements, performing initial analysis of data flows and risks, and partnering with SOC, IT, and business teams to ensure ongoing compliance and control effectiveness.
โ€ข Excellent written and verbal communication skills; demonstrated experience, communicating and collaborating effectively across business and technology areas.
โ€ข Ability to work independently, excellent organizational and management skills.
โ€ข Ability to manage and prioritize multiple tasks and adapt to needed changes.
โ€ข Knowledge of on-premises and MSFT Azure, M365 Tenant-based technologies and cloud infrastructure platforms (e.g., Microsoft Azure, Microsoft 365, Microsoft AD & Entra, Microsoft Purview, OneDrive, TEAMS, Sentinel, Microsoft Defender, Exchange Online, Exchange On-Prem, Zoom, Jabber, Document Management Systems, SSO, OAuth) and SaaS-based application frameworks to evaluate key information security requirements, controls, risk areas.
Preferred:
โ€ข At least one certification such as CISSP, CISM, and/or CISA.
โ€ข At least 5-7 years' Governance, Risk, and Compliance experiences, listed above.
โ€ข Prior Legal or Professional Services experience.
โ€ข Informed on information security industry standards and best practices.
Company:
Clients have relied on the international law firm of Dorsey & Whitney LLP since 1912 as a trusted legal advisor and valued business partner. Founded in 1912, the company is headquartered in Minneapolis, USA, with a team of 1001-5000 employees. The company is currently Late Stage.