** Due to client requirements, applicants must be able to work on a W2 basis
Job Overview
An organization is seeking a GRC Policy Analyst to support and enhance its Governance, Risk, and Compliance (GRC) program. This role focuses on developing, maintaining, and improving IT policies aligned with recognized cybersecurity frameworks, while supporting compliance initiatives and risk management activities. Candidates with strong policy writing skills, experience in GRC environments, and familiarity with security frameworks will be prioritized.
Must Haves
- 3+ years of experience in a technology-related role
- 1–2 years of experience supporting GRC, risk, or compliance initiatives
- Experience developing, reviewing, and maintaining IT policies and documentation
- Familiarity with cybersecurity frameworks such as NIST
- Experience tracking risks, findings, and remediation efforts within a risk management platform
- Strong written, visual, and verbal communication skills
- Ability to manage multiple initiatives and collaborate across departments
- Basic project management experience (Agile, Waterfall, or similar methodologies)
What the Client Needs You to Do
You will play a key role in maturing the organization’s policy and compliance programs by developing structured processes for policy lifecycle management and exception tracking. This includes working with stakeholders to create and maintain documentation, supporting audit and compliance activities, and ensuring alignment with cybersecurity standards. You will also contribute to broader GRC initiatives, helping strengthen governance and risk oversight across the organization.
Key Responsibilities
- Develop, review, and maintain IT policies, standards, and procedures aligned with security frameworks
- Establish and manage policy lifecycle processes, including tracking, review cycles, and updates
- Lead and maintain policy exception processes, including tracking, reporting, and remediation efforts
- Collaborate with stakeholders to document processes and ensure alignment with governance standards
- Support compliance initiatives by gathering and managing documentation for audits and regulatory requirements
- Provide guidance on security controls and policy requirements for IT projects and initiatives
- Track and report on policy status, exceptions, and compliance metrics to leadership
- Assist with risk management activities, including maintaining risk registers and tracking findings
- Contribute to continuous improvement of GRC processes, tools, and documentation standards
- Support broader GRC initiatives including risk assessments, training, and governance activities
Additional Information
- This role operates within a collaborative GRC team supporting enterprise-wide technology initiatives
- Experience with regulatory frameworks (e.g., PCI-DSS or similar standards) is beneficial
- Familiarity with risk management platforms and reporting tools is preferred
- Advanced degrees in technology, business, or related fields are a plus
- Certifications such as CRISC, CIPP/US, or similar GRC credentials are advantageous
- Candidates should be comfortable working in dynamic environments with evolving priorities and compliance requirements
W2 employees of Overture Partners who work 30 or more hours per week are eligible for the following benefits: medical (choice of 3 plans), 401(k) starting on day one, a variety of voluntary benefits including life and disability insurance, and sick time if required by law in the worked-in state/locality.
#25241
