V
Junior GRC Analyst (Student Associate)
Verterim
4h ago
0OtherRemote, USjobspy_indeed
remoteindeed
Job Description
**Junior GRC Analyst (Student Associate)**
**Location:** TBD (Remote / Hybrid in NC / On‑site)
**Employment Type:** Hourly rate with Project‑based performance, outcome‑driven (not tied to set daily hours)
**Department:** Managed GRC Associate Program
**Reports To:** Senior Manager / Client Engagement Lead
**About the Program**
Our Managed GRC Associate Program is modeled on the “Tier 1 SOC Analyst” approach applied to Governance, Risk, and Compliance. Student Associates execute structured, repeatable procedures that prepare data for senior decision‑makers—freeing experienced consultants to focus on strategy while building a pipeline of workforce‑ready GRC talent.
**The Role**
As a **Junior GRC Analyst**, you will support multiple client assignments under the direction of our senior managers and client stakeholders. Work is **outcome‑based**—measured by deliverables and quality, not by set hours per day, although you will be paid hourly for your efforts. You’ll develop hands‑on experience across policy operations, third‑party risk management (TPRM), evidence collection, vulnerability governance, identity \& access hygiene, and collaboration with AI agents that streamline high‑volume tasks.
**What You’ll Do**
* **Policy Management \& Standardization**
+ Tailor, format, and maintain client policies using established templates (e.g., ISO/NIST).
+ Drive annual review cycles: reminders, tracking, and sign‑off capture.
+ Perform initial control mapping (e.g., policy ISO 27001, NIST CSF/800‑53, CMMC) for senior review.
* **Core GRC Data Maintenance and hygiene**
+ Run and manage imports of GRC core data for example
+ Employee / contactor tables
+ Asset tables
+ Exception tables
* **Vendor Risk (TPRM)**
+ Coordinate vendor outreach, send questionnaires (e.g., SIG Lite, CAIQ), and follow up to closure.
+ Review customer / client questionnaires and generate AI responses and review
+ Validate documentation (e.g., SOC 2 period/entity scope, bridge letters).
+ Review contracts for standard terms, highlight issues and review with senior GRC team members
+ Apply first‑pass scoring with a key‑answer guide; flag high‑risk responses for escalation.
* **Continuous Evidence Collection**
+ Execute monthly “evidence hunts” aligned to frameworks (ISO 27001, SOC 2\).
+ Upload artifacts to the GRC platform; trigger compliance alerts when gaps are discovered.
* **Vulnerability Governance**
+ Produce weekly SLA reports (e.g., criticals \> 14 days), open/route tickets, and track resolution.
+ Reconcile scan coverage vs. asset inventory to identify blind spots.
+ Review exception/false‑positive requests for completeness before senior approval.
* **Identity \& Access Hygiene**
+ Prepare clean user lists for access reviews; highlight anomalies and terminations.
+ Perform termination checks (HR AD) to ensure timely account deactivation.
+ Document role‑based access expectations via stakeholder interviews.
* **AI‑Enabled GRC Operations
