Contract‑to‑Hire | $130–140K Conversion Salary | Remote OK (Denver onsite preferred; relocation available upon conversion)
The GRC Analyst supports the Global Information Security Office by driving governance, risk management, and compliance initiatives across the organization. This role requires a proactive, flexible professional who can operate in a fast‑changing environment, communicate effectively with leadership, and quickly take ownership of key GRC activities.
Support company‑wide information security risk assessments for projects, systems, and vendors.
Assist with internal and external audits (e.g., J‑SOX), evidence collection, and remediation tracking.
Maintain compliance with ISO 27001, NIS2, GDPR, and other regulatory frameworks.
Contribute to policy development, updates, and global rollout.
Conduct vendor security assessments, review questionnaires, validate controls, and document findings.
Escalate high‑risk issues and support mitigation follow‑up.
Develop and maintain dashboards, including the CISO Dashboard.
Collect, validate, and analyze KPIs/KRIs related to compliance, risk, audits, incidents, and training.
Present insights to leadership with clear, accurate reporting.
Support security awareness initiatives, including e‑learning content, phishing exercises, and internal communications.
Track global cybersecurity regulatory changes (e.g., NIS2, ICS/OT requirements, FDA expectations).
Support gap assessments and compliance readiness.
Assist in evaluating risks related to AI systems and third‑party AI tools.
Support governance controls for secure AI use.
Improve GRC processes, tools, and documentation.
Support internal projects, automation efforts, and cross‑functional initiatives.
Provide coordination for security committees and working groups.
3–5+ years in information security, GRC, IT audit, or risk management.
Strong communication skills; comfortable engaging with leadership.
Experience with ISO 27001 and NIS2 (required).
Experience conducting or supporting risk assessments and audits.
Understanding of vendor security assessment processes.
Ability to work independently in a dynamic environment with shifting priorities.
Experience with GRC platforms (e.g., BitSight, Drata, OneTrust, Archer).
Familiarity with cybersecurity domains (IAM, endpoint security, cloud, vulnerability management).
Data analysis and dashboard/reporting experience.
Awareness of emerging regulations (NIS2, AI governance, critical infrastructure).
Experience working with global teams.
Bachelor’s degree in Cybersecurity, Information Systems, Computer Science, or related field—or equivalent experience.
Certifications such as CISSP, CISA, CISM, or ISO 27001 Lead Implementer/Auditor are a plus.
By providing your phone number, you consent to: (1) receive automated text messages and calls from the Judge Group, Inc. and its affiliates (collectively "Judge") to such phone number regarding job opportunities, your job application, and for other related purposes. Message & data rates apply and message frequency may vary. Consistent with Judge's Privacy Policy, information obtained from your consent will not be shared with third parties for marketing/promotional purposes. Reply STOP to opt out of receiving telephone calls and text messages from Judge and HELP for help.
The Judge Group Inc., is a leading professional services firm specializing in talent, technology, and learning solutions. We consult, staff, train, and solve. Through our work we make people and organizations better. Our services are successfully delivered through a network of more than 30 offices across the United States, Canada, and India.
The Judge Group is proud to partner with the best and brightest companies in business today, including over 60 of the Fortune 100. We serve organizations in financial services, healthcare, life sciences, insurance, government (including aerospace and defense), manufacturing, and technology and telecommunications. If you would like to learn more about The Judge Group visit www.judge.com or call toll free (800) 360-4474.