Governance, Risk, and Compliance Analyst

Remote
Full Time · Entry Level · 2+ years

Posted 2 weeks ago


About This Role

Support and mature the information security and compliance program, focusing on maintaining compliance with frameworks like SOC 2 and ISO/IEC 27001. Develop and maintain security policies, procedures, and support vendor risk and customer security questionnaire processes.

Responsibilities

  • Support ongoing compliance efforts for SOC 2 Type II and ISO/IEC 27001, including audits, evidence collection, and remediation tracking
  • Draft, review, and maintain security policies, standards, procedures, and supporting documentation
  • Coordinate with internal stakeholders (IT, Security, Engineering, HR, Legal) to ensure controls are implemented and documented
  • Manage and respond to vendor and customer security questionnaires (SIG, CAIQ, custom questionnaires, etc.)
  • Assist with vendor risk management, including risk assessments and documentation review
  • Support risk assessments and maintain a risk register
  • Map controls and manage audit evidence across compliance frameworks
  • Track audit findings, remediation efforts, and compliance metrics
  • Help maintain compliance artifacts, audit evidence repositories, and control mappings
  • Stay current on relevant compliance and security best practices

Requirements

  • 2+ years of experience in GRC, compliance, or information security role
  • Hands-on experience supporting SOC 2 and/or ISO/IEC 27001 programs
  • Experience creating and maintaining security policies and procedures
  • Familiarity with vendor risk management and security questionnaire processes
  • Strong written communication and documentation skills
  • Ability to work cross-functionally and manage multiple compliance efforts simultaneously
  • Experience with audit management platforms (e.g., Vanta, Drata, Secureframe, Tugboat Logic)

Qualifications

  • 2+ years of experience in a GRC, compliance, or information security role

Nice to Have

  • Experience working in a remote environment
  • Familiarity with additional frameworks (NIST 800-53/171, CIS, HIPAA)

Skills

  • HIPAA *
  • NIST 800-53 *
  • SOC 2 *
  • CIS *
  • NIST 800-171 *
  • ISO/IEC 27001 *
  • Vanta *
  • Drata *
  • Secureframe *
  • Tugboat Logic *

* Required skills

Benefits

Tuition Reimbursement
Dental plans
Medical plans
AD&D coverage
Professional licensing assistance
HDHP w/ HSA option
PTO
401(k) with company match
Vision plans
Short- and Long-Term Disability
Company-paid life insurance coverage
Paid time off during the last week of the year
Paid parental leave
Professional development opportunities
Flex spending accounts (FSA)
PPO-style plans
Self-directed brokerage account option

Certifications

  • CISA (Required)
  • Security+ (Required)
  • CRISC (Required)
  • ISO 27001 Lead Implementer/Auditor (Required)

About DLB Associates

DLB Associates is a premier engineering and consulting firm specializing in innovative, mission-critical solutions across hyperscale data centers, advanced infrastructure, and high-performance building systems.

Professional Services