IT GRC Analyst

Status: Direct Hire Job Title: IT GRC Analyst Salary: $100,000-$119,000 Location: On-site in Houston, TX About the company: We are an industry leader in small modular nuclear reactor technology, committed to delivering scalable, safe, and reliable clean energy solutions. With a focus on innovation and sustainability, we design advanced nuclear power plants that provide affordable and carbon-free energy to meet the growing global demand. Our mission is to revolutionize the energy landscape by offering modular reactors that are both flexible and efficient, supporting the transition to a cleaner, more sustainable energy future. Backed by decades of research and expertise, our technology is designed to provide long-term, low-cost energy while reducing environmental impact. We are dedicated to advancing the next generation of nuclear energy and are proud to contribute to the world’s clean energy goals with our cutting-edge solutions. IT GRC Analyst: Our client is seeking an experienced IT GRC Analyst to support enterprise-wide governance, risk, and compliance initiatives. This role plays a key part in evaluating technology risks, strengthening internal controls, and ensuring alignment with relevant policies, regulations, and industry frameworks. The ideal candidate is detail-oriented, proactive, and comfortable collaborating across teams to enhance processes, support audits, and maintain ongoing compliance activities. This role is onsite in Houston, Texas. IT GRC Analyst Responsibilities: Develop, maintain, and update IT policies, procedures, and standards that support IT General Controls and overall compliance objectives. Align IT controls with leading industry frameworks such as NIST, COSO, ISO, and ITIL to ensure effective governance and SOX support. Monitor and report on ITGC compliance status, providing clear communication and visibility to leadership. Partner with cross-functional stakeholders during the creation, enhancement, and review of IT controls. Support risk assessments, including identifying risks, evaluating impacts, and assisting in mitigation planning. Perform control development, testing, and ongoing monitoring to ensure control effectiveness. Track issues and remediation activities to ensure timely resolution. Maintain the risk register and ensure documentation is complete, accurate, and up to date. Assist with regulatory compliance efforts, including monitoring requirements and maintaining documentation. Provide audit support for internal and external reviews, including evidence collection and process walkthroughs. Support training, communication, and awareness initiatives related to IT governance and compliance. Conduct compliance testing and recurring review activities, including periodic user access reviews. IT GRC Analyst Qualifications: Bachelor’s degree in Computer Science, Information Systems, Cybersecurity, Business, or a related discipline; equivalent experience may be considered in lieu of a degree. Minimum of 5 years of IT experience with at least 2 years focused on IT audit, compliance, risk management, or security functions. Experience with SailPoint is a plus. Hands-on experience executing risk assessments, performing control testing, developing controls, and contributing to policy and procedure creation. Familiarity with GRC-related tools and platforms, such as identity governance solutions, privileged access management, risk monitoring systems, or access review tools. Strong analytical and problem-solving capabilities with the ability to work independently and exercise good judgment. Excellent written and verbal communication skills, including the ability to interpret complex information and collaborate across teams. Demonstrated ability to prioritize tasks, manage timelines, and adapt to shifting requirements or interruptions. Reliable, detail-oriented, and able to build strong working relationships across departments. Experience working in regulated or quality-driven environments and understanding of quality assurance principles is preferred. Must be eligible to work under applicable U.S. federal requirements related to nuclear or energy sector compliance (including DOE 10 CFR Part 810).