GRC Analyst

GRC Analyst 1

Location; Lake Zurich, IL, US

Department: PC/LAN

General Description:

As a GRC (Governance, Risk, and Compliance) Analyst in the IT Security team, you will play a key role in supporting the organization's security compliance initiatives, risk management processes, and governance frameworks. The GRC Analyst will work closely with cross-functional teams to ensure that the company’s security policies, regulatory requirements, and industry best practices are implemented, monitored, and maintained. This position is critical to maintaining DMI’s IT security posture and ensuring the company remains compliant with relevant standards and regulations.

Essential Functions and Duties:

• Governance: Assist in the development, review, and enforcement of security policies, standards, and procedures to ensure alignment with business objectives and regulatory requirements.
• Risk Management: Identify, assess, and document IT security risks. Develop mitigation strategies and track the implementation of risk-reducing measures.
• Compliance: Support internal and external audits by preparing relevant documentation, maintaining compliance checklists, and addressing audit findings. Ensure compliance with industry standards such as ISO 27001, NIST, and other relevant regulations.
• Security Awareness: Collaborate with the IT Security team to create and deliver security awareness training and campaigns throughout the organization.
• Incident Response: Assist in the development of incident response protocols and support post-incident reviews to ensure security events are managed efficiently and root causes are addressed.
• Audit Support: Liaise with internal and external auditors, ensuring necessary evidence is available and assisting in responding to audit requests.
• Metrics and Reporting: Compile risk and compliance metrics for senior management and provide regular reports on GRC activities, risks, and trends.
• Successfully complete annual regulatory compliance training.
• Performs other related duties as assigned.

Required Qualifications:

• Bachelor’s degree in Information Technology, Cybersecurity, or a related field, or equivalent work experience.
• 1-2 years of experience in IT governance, risk management, and compliance.
• Understanding of security frameworks such as ISO 27001, NIST, or similar.
• Experience with risk assessment methodologies and tools.
• Familiarity with regulatory compliance requirements (e.g., SOC 2).
• Excellent communication and documentation skills with the ability to present complex information clearly to both technical and non-technical audiences.
• Strong analytical and problem-solving skills.
• Relevant certifications such as CISA, CRISC, CISSP, or similar are a plus.