Haystack
← Back to Jobs
Technology

GRC Analyst

Trigent Software, Inc. Account NumberBoston, MA🇺🇸United StatesPosted 15 Jul 2026

Quick Overview

Work Type
On Site
Level
Mid Senior

Job Description

Title: GRC Analyst
Location: Boston, MA  (Onsite once in a month)
Duration: 12 Months (Possible Extension)
 
Summary:
We are seeking a highly analytical and experienced GRC Analyst to lead risk assessments, draft robust security policies, and ensure compliance across global frameworks. In this role, you will bridge the gap between technical security measures and regulatory requirements.
The ideal candidate will have strong hands-on experience conducting Third-Party Risk Assessments, performing comprehensive Gap Analyses, and evaluating Product Risks. Furthermore, given our global footprint, deep familiarity with GDPR alongside standard security frameworks (NIST CSF, ISO 27001) is critical.
Key Responsibilities
  • Comprehensive Risk Assessments: Conduct end-to-end Risk Assessments (RA) on internal systems, business processes, and emerging products (Product Risk Assessments) to identify and mitigate vulnerabilities.
  • Third-Party & Vendor Risk Management (TPRM): Lead security reviews on third-party vendors, partners, and SaaS tools to evaluate their security posture and ensure they meet organizational standards before onboarding.
  • Policy Drafting & Governance: Author, update, and implement comprehensive Information Security (IS) policies, standards, and guidelines aligned with industry best practices and global frameworks.
  • Regulatory Compliance & GDPR: Ensure continuous compliance with global data privacy regulations, specifically GDPR and US-specific requirements, coordinating closely with legal and privacy teams.
  • Gap Analysis & Audit Prep: Execute regular gap analyses against frameworks like NIST CSF and ISO 27001 to identify weaknesses in the current security posture and drive remediation plans.
  • Metrics & Reporting: Develop risk registers, track remediation efforts, and prepare performance dashboards for local and global leadership teams.
Required Qualifications & Skills
  • Experience: 4+ years of dedicated experience in IT Governance, Risk, and Compliance (GRC) or IT Audit.
  • Framework Mastery: Strong working knowledge of NIST CSFISO/IEC 27001, and GDPR compliance.
  • Hands-on Assessment Skills: Proven experience conducting Third-Party/Vendor Risk Assessments and Product/Application Risk Assessments.
  • Technical Writing: Exceptional ability to draft clear, concise, and enforceable Information Security policies from scratch.
  • Preferred Certifications: Possession of (or active pursuit of) one or more of the following:
  • CISA (Certified Information Systems Auditor)
  • CRISC (Certified in Risk and Information Systems Control)
  • CISSP (Certified Information Systems Security Professional)
  • CIPP/E or CIPM (Certified Information Privacy Professional/Europe)
Preferred Qualifications
  • Experience working in a global organization with cross-border data transfer requirements.
  • Experience in highly regulated industries (e.g., Pharmaceuticals, Biotech, Healthcare, or Finance).
  • Familiarity with GRC management tools (e.g., ServiceNow GRC, OneTrust, Archer).
 

Skills

GDPR

Similar jobs