Jobgether is looking for a Senior Security GRC Analyst to lead our governance, risk, and compliance initiatives. You will ensure security controls meet regulatory and business requirements while helping build a culture of security awareness across the organization.
What You'll Do
- Validate and verify organizational security controls against frameworks such as ISO 27001, ISO 27701, PCI, SOC 2, and other relevant regulatory standards.
- Manage the IT Risk Register, including identification, tracking, prioritization, and reporting of risks.
- Drive remediation of control deficiencies and gaps, partnering with control owners to implement effective solutions.
- Provide guidance on planning, designing, operating, maintaining, and remediating control activities, policies, and processes.
- Communicate cybersecurity risk and compliance status to stakeholders and leadership through clear reporting.
- Support customer trust initiatives, including security assessments and questionnaire responses.
- Develop risk metrics and reports for management, tracking control maturity, compliance status, and performance.
- Assist with third-party risk management, ensuring consistent enforcement of information security requirements.
What We're Looking For
- 8+ years of experience supporting cybersecurity risk or controls management programs.
- In-depth knowledge of security frameworks including ISO 27001, ISO 27701, PCI-DSS, SOC, NIST CSF, and other regulatory requirements.
- Experience managing audits, certification programs, and control assessments, including scoping, control testing, and risk mapping.
- Strong ability to define and execute program vision, strategy, and milestones aligned with organizational priorities.
- Proven collaboration skills with engineers, business teams, and security partners to embed security controls seamlessly.
- Familiarity with IT infrastructure, networks, databases, ERP systems, and cloud environments.
Nice to Have
- Preferred certifications: CISA, CISM, CISSP, CRISC.
- Experience in AI infrastructure, machine learning, or the computer hardware industry.
- Familiarity with Security by Design and Privacy by Design principles, and third-party tools like AuditBoard, Whistic, RSA Archer, or ServiceNow.
Benefits & Compensation
- Compensation: $154K – $200K
- Health, dental, and vision coverage for employees and dependents.
- Flexible paid time off plan.
- 401(k) plan with company match.
- Wellness and commuter stipends for select roles.
- Opportunity to work in a high-growth, AI-focused technology environment.
Work Mode
This is a hybrid, remote position. Candidates must be located in the United States.
Jobgether is an equal opportunity employer.



