Grc Analyst Iii

Required Skills & Experience

-Bachelor's degree in cybersecurity, information assurance, or related

- 6+ years of experience within cybersecurity, risk management, or compliance

- Proven knowledge of cybersecurity and compliance frameworks such as NIST SP 800‑53, CJIS, HIPAA, and PCI‑DSS

- Experience developing and maintaining enterprise security policies, standards, and control frameworks

- Proven ability to conduct enterprise cyber risk assessments across on‑prem, cloud, and third‑party environments

- Demonstrated experience supporting or leading internal and external audits, including regulator and third‑party assessments

- Ability to translate regulatory and compliance requirements into actionable technical and operational controls

- Experience managing risk registers, risk acceptance, and exception processes

- Strong communication skills with the ability to present risk and compliance findings to executive leadership

Do not wait to apply after reading this description a high application volume is expected for this opportunity.

Job Description

Insight Global is seeking a Senior GRC Analyst to sit on site in San Antonio, Texas. As the Senior GRC Analyst, you will be responsible for leading enterprise governance, risk, and compliance (GRC) initiatives to ensure regulatory alignment, enables risk‑informed decision‑making, and integrates security controls across business and technology operations. This position serves as a key advisor and liaison among cybersecurity, legal, audit, and executive leadership.

-Develop, maintain, and enforce enterprise cybersecurity policies, standards, and procedures

-Establish and manage control frameworks, control matrices, and compliance mappings

-Lead enterprise‑wide cyber risk assessments, including business systems, cloud environments, and third‑party vendors

-Identify, analyze, prioritize, and document risks using qualitative and quantitative methods

-Maintain the enterprise risk register and provide risk‑based recommendations to leadership

-Serve as the primary liaison for internal and external audits, regulators, and assessors

-Lead audit readiness efforts, including evidence collection, control testing, documentation, xywuqvp and remediation tracking

-Oversee implementation and effectiveness of security controls across IT, cloud, and business systems

-Validate control performance through continuous monitoring, testing, metrics, and reporting

-Partner with engineering, SOC, and IT teams to operationalize and measure security controls

-Conduct vendor risk assessments and evaluate third‑party compliance with contractual and regulatory requirements

-Recommend risk mitigation strategies, contractual safeguards, and security requirements

-Lead security awareness and training initiatives

-Drive continuous improvement of the GRC program

• -Mentor junior analysts and provide guidance to leadership