1

Contract Grc Analyst Jobs in Decatur, GA (NOW HIRING)

About the Role Merci Technologies is seeking a GRC Analyst to support the governance, risk, and ... This is a fully remote position open to Contract or Full-Time candidates. Key Responsibilities

... a remote contract engagement. In this role, you will serve as the primary driver of the ... Mentor and guide junior GRC analysts and contribute to team capability development * Stay current ...

IT Manager -Atlanta, GA

Atlanta, GA · On-site

$91K - $112K/yr

Collect, analyze, and report IT quality metrics to support continuous improvement initiatives ... contracts. * Demonstrated ability to lead teams and manage shifting priorities. * Strong GRC ...

This role is ideal for someone who has strong analytical capabilities, experience with global ... Demonstrate familiarity with Governance, Risk, and Compliance (GRC) software-preferably ServiceNow ...

Program Manager, IT

Atlanta, GA · On-site

$111K - $112K/yr

Track budget versus actual at the contract level. Produce TCO analyses, savings and cost-avoidance ... Coordinate with Cybersecurity GRC for third-party risk assessments, with Legal for contract risk ...

Contract Grc Analyst information

See Decatur, GA salary details

$35.6K

$95.3K

$223.1K

How much do contract grc analyst jobs pay per year?

As of Jul 10, 2026, the average yearly pay for contract grc analyst in Decatur, GA is $95,348.00, according to ZipRecruiter salary data. Most workers in this role earn between $53,700.00 and $108,400.00 per year, depending on experience, location, and employer.

What is a Contract GRC Analyst?

A Contract GRC (Governance, Risk, and Compliance) Analyst is a professional who specializes in evaluating, managing, and ensuring compliance with contractual obligations within an organization. They focus on identifying risks, implementing controls, and maintaining adherence to regulatory standards related to contracts. Their work helps organizations avoid legal issues, reduce risk exposure, and maintain good governance practices. Contract GRC Analysts often collaborate with legal, procurement, and compliance teams to ensure contracts meet all internal and external requirements.

What is the difference between Contract Grc Analyst vs Contract Risk Analyst?

AspectContract Grc AnalystContract Risk Analyst
Required CertificationsGRC certifications, such as CISA or CRISCRisk management certifications, like FRM or CRM
Work EnvironmentCorporate compliance, audit, and governance teamsRisk assessment, mitigation, and analysis teams
Employer & Industry UsageFinancial services, healthcare, and tech companiesFinancial institutions, consulting firms, and corporations

Contract Grc Analysts focus on governance, risk, and compliance frameworks within organizations, ensuring adherence to policies and regulations. Contract Risk Analysts primarily evaluate and mitigate potential risks affecting business operations. While both roles involve risk assessment, GRC Analysts emphasize compliance and governance, whereas Risk Analysts concentrate on identifying and managing specific risks. Both roles often require similar certifications and are used across industries like finance and healthcare.

What are some common challenges faced by Contract GRC Analysts when managing third-party risk assessments?

Contract GRC Analysts often encounter challenges such as incomplete or inconsistent documentation from vendors, varying compliance standards, and tight deadlines for contract reviews. Collaborating with cross-functional teams—including legal, procurement, and IT security—can also require strong communication skills to ensure all risk factors are addressed. Staying updated on regulatory requirements and adapting assessment frameworks accordingly is essential for success in this dynamic role.

What are the key skills and qualifications needed to thrive as a Contract GRC Analyst, and why are they important?

To thrive as a Contract GRC Analyst, you need expertise in governance, risk management, and compliance processes, often supported by a bachelor's degree in a related field and experience with contract review. Familiarity with GRC tools like RSA Archer, compliance management systems, and certifications such as CISA or CRISC are highly valued. Strong analytical thinking, attention to detail, and effective communication skills help you interpret complex regulations and collaborate with cross-functional teams. These skills and qualifications ensure robust risk mitigation, regulatory adherence, and efficient contract management within organizations.
What are the most commonly searched types of Grc Analyst jobs in Decatur, GA? The most popular types of Grc Analyst jobs in Decatur, GA are:
What are popular job titles related to Contract Grc Analyst jobs in Decatur, GA? For Contract Grc Analyst jobs in Decatur, GA, the most frequently searched job titles are:
What job categories do people searching Contract Grc Analyst jobs in Decatur, GA look for? The top searched job categories for Contract Grc Analyst jobs in Decatur, GA are:
What cities near Decatur, GA are hiring for Contract Grc Analyst jobs? Cities near Decatur, GA with the most Contract Grc Analyst job openings:

GRC Analyst

Merci Technologies - Talent

Atlanta, GA • Remote

Full-time

Posted 14 days ago


Job description

About the Role
Merci Technologies is seeking a GRC Analyst to support the governance, risk, and compliance program for one of our enterprise clients. This role sits at the intersection of security, audit, and business operations, translating complex regulatory and framework requirements into practical controls that teams can actually implement and sustain. You will be the person who knows where the control gaps are, what the auditors are going to ask for, and how to keep the organization audit-ready year round rather than scrambling at assessment time.

The work is varied and visible. In a given month you might run a control assessment against NIST CSF, prepare evidence for a SOC 2 examination, complete a vendor risk review for a new SaaS purchase, and brief stakeholders on the status of open findings. You will maintain the policy library, track risk to closure, and act as a trusted advisor to engineering and business teams who need to understand what compliance requires of them. This is a strong fit for someone who is organized, detail-driven, and comfortable holding teams accountable to commitments. This is a fully remote position open to Contract or Full-Time candidates.

Key Responsibilities

  • Conduct control assessments and gap analyses against frameworks including NIST CSF, NIST 800-53, ISO 27001, SOC 2, and CMMC
  • Plan and support internal and third-party audits, including scoping, evidence collection, and walkthroughs
  • Track audit and assessment findings to remediation and closure, escalating risks where needed
  • Develop, maintain, and version-control security policies, standards, and procedures
  • Perform vendor and third-party risk assessments and document risk acceptance decisions
  • Build and maintain the risk register and report risk posture to leadership and stakeholders
  • Support regulatory, customer, and compliance reporting requests
  • Help operationalize new framework or regulatory requirements as they emerge

Required Qualifications

  • 3 to 5 years of experience in governance, risk, and compliance, IT audit, or information security
  • Working knowledge of one or more frameworks: NIST CSF, NIST 800-53, ISO 27001, SOC 2, or CMMC
  • Demonstrated experience supporting audit cycles and risk assessments end to end
  • Ability to read a control requirement and translate it into clear, actionable guidance
  • Strong documentation, organization, and stakeholder communication skills

Preferred Qualifications

  • CISA, CRISC, ISO 27001 Lead Auditor, or CISSP certification
  • Hands-on experience with GRC platforms such as Archer, ServiceNow GRC, or OneTrust
  • Familiarity with defense, healthcare, or financial-services compliance requirements
  • Experience with CMMC readiness and assessment preparation

What You Will Bring
You are the kind of person who reads the fine print and keeps the spreadsheet honest. You can push a remediation owner for an update without burning the relationship, and you can explain to a busy engineer why a control matters in language they care about. You treat compliance as a way to make the organization genuinely more secure, not just to pass an audit.