Governance, Risk, and Compliance (GRC) Analyst

Posted 2026-05-06
Remote, USA | Full-time | Immediate Start

Osaic is a company that focuses on IT Governance, Risk, and Compliance operations. The IT GRC Analyst I role is responsible for supporting IT risk and control management, regulatory compliance, and audit readiness, while collaborating with various teams to maintain compliance with organizational policies.


Responsibilities

  • Assist with IT risk and control management by managing the IT risk register, performing risk assessments, documenting IT controls, tracking issues and exceptions, and supporting issue remediation activities
  • Support audit readiness activities prior to formal audits by validating IT control compliance, identifying gaps, and preparing documentation to ensure systems and processes meet regulatory and internal requirements
  • Coordinate audit evidence gathering during active audits by managing evidence requests, collecting and organizing documentation from stakeholders, and ensuring timely delivery to internal and external auditors
  • Contribute to vendor risk management processes by helping review vendor questionnaires, monitor risk ratings, and track remediation actions
  • Assist with technical product risk management by maintaining an inventory of in-house and third-party products, performing or supporting technical product risk assessments, identifying issues and defining action plans, and evaluating product maturity to ensure alignment with security and compliance standards
  • Help maintain IT risk registers and compliance records in the Osaic IT GRC platform
  • Assist with cybersecurity governance reporting and metrics by compiling data on control effectiveness, risk trends, and compliance status for leadership dashboards
  • Support exception management processes by tracking approvals, documenting compensating controls, and monitoring aging of exceptions
  • Maintain and update Osaic’s IT policies to ensure they remain current, accurate, and aligned with regulatory and organizational requirements
  • Assist with security awareness and training initiatives by supporting the development and delivery of programs that promote adherence to policies and best practices across the organization
  • Provide backup coverage for other IT GRC analysts to ensure continuity across IT GRC domains
  • Perform additional IT GRC responsibilities as assigned to support team objectives and compliance obligations

Skills

  • Bachelor's degree preferred; high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree
  • Minimum of high school diploma or equivalent is required
  • 1–3 years of experience in IT, cybersecurity, or compliance
  • Basic understanding of IT risk management, regulatory frameworks, and audit principles
  • Strong organizational and documentation skills with attention to detail
  • Ability to learn quickly and adapt across multiple GRC domains
  • Good communication skills and ability to work in a team environment
  • Familiarity with GRC platforms
  • Experience supporting IT governance processes and creating governance metrics or dashboards for reporting to leadership or audit committees
  • Exposure to regulatory frameworks such as NYDFS, SEC Reg S-P, or NIST CSF
  • Experience with vendor risk management or third-party risk processes
  • Strong analytical skills for interpreting risk and compliance data
  • Professional certifications such as CompTIA Security+, CRISC, or similar are a plus

Benefits

  • Health, vision, dental insurance
  • 401k
  • Paid time away
  • Volunteer days

Company Overview

  • Osaic provides the support, resources, and community designed for the future of wealth management. It was founded in 2016, and is headquartered in Phoenix, Arizona, USA, with a workforce of 1001-5000 employees. Its website is https://osaic.com/.
