The GRC Analyst is responsible for supporting the Governance, Risk, and Compliance (GRC) program by ensuring adherence to regulatory requirements and standards, managing risk assessments, assisting and supporting audit and assessment activities and promoting best practices in information security, privacy and compliance. This role involves close collaboration with stakeholders across various departments to develop, implement, and maintain policies and procedures that support company objectives, regulatory compliance, and risk management. Risk Management & Assessment Conduct regular risk assessments, identifying, evaluating, and managing risks to minimize operational and compliance risks in support of the Enterprise Risk Management program. Assist in the coordination of all internal and external audits and assessments such as SOC 1, SOC 2, NIST 800-53, and ISO 9001 QMS, ensuring control compliance and risk mitigation. Monitor risk mitigation efforts and report on key risk indicators. Monitor and ensure compliance with relevant regulatory requirements and standards including but not limited to NIST SP 800-53, Gramm-Leach-Bliley Act (GLBA), PCI-DSS, CCPA, and other applicable federal and state privacy regulations. Contribute to the development of GRC training workshops and policy briefs to ensure awareness of GRC processes and audit preparation. Support internal and external audits by collecting and reviewing artifacts and evidence and providing necessary documentation. Stay current with industry trends, regulatory updates, and best practices to proactively improve GRC processes. Identify opportunities for improvement to GRC tools, processes and functions and provide recommendations to management. Create and maintain positive relationships with internal and external entities. Customer Service Knowledge of principles and processes for providing customer and personal services. This includes customer needs assessment, meeting quality standards for services, and evaluation of customer satisfaction. Law and Government Knowledge of laws, legal codes, court procedures, precedents, government regulations, executive orders, agency rules, and the democratic political process. Complex Problem Solving Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions. Active Listening Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times. Required Education and Experience BS/BA Degree and 2+ years of experience in GRC, Risk Management, Compliance, or a similar role or 3 years experience in lieu of degree. Experience with audit frameworks and standards, SOC, ISO, NIST, or similar. Knowledge of GRC frameworks, risk management methodologies, and compliance standards. Strong analytical, organizational, and problem-solving skills. Excellent written and verbal communication skills with the ability to work cross-functionally. CISA, GRCP, or similar certification in GRC, audit or compliance preferred. Experience with protection requirements for handling and safeguarding sensitive information in both government and private sectors. Ability to manage time, make sound decisions, take independent action, analyze problems, and provide focused solutions. Must have a professional demeanor, people skills, ability to communicate effectively, and be able to perform in a multi-tasked, dynamic environment. Superior organizational skills. Proficient in MS Office Suite. Must be able eligible for or have an active Security Clearance. (United States Citizenship requirement.