Current Employees and Contractors Apply Here
Osaic Careers
Governance, Risk, and Compliance (GRC) Analyst
Location(s):
Atlanta: 2300 Windy Ridge Pkwy SE, Suite750, Atlanta, GA 30339
La Vista:12325 Port Grace Blvd, La Vista, NE 68128
Oakdale: 7755 3rd St. N, Oakdale, MN 55128
Scottsdale: 18700 N Hayden Rd, Suite 255, Scottsdale, AZ 85255
St. Petersburg: 877 Executive Center Dr. W, Suite 300, St. Petersburg, FL 33702
Osaic has returned to the office on a hybrid schedule requiring a minimum of 4 days weekly in the office. Applicants should be located at one of our hubs listed above and must be willing to work this schedule.
Role Type: Full-time, Non-Exempt
Salary: $80,000 - $90,000 + annual performance-based bonus
Actual compensation offered will be determined individually, based on a number of job-related factors, including location, skills, licensure, experience, and education.
Our competitive compensation is just one component of Osaic’s total compensation package. Additional benefits include health, vision, dental insurance, 401k, paid time away, volunteer days and much more. To view more details of what you can look forward to, visit our careers page: Osaic Benefits.
Summary:
The IT GRC Analyst I supports Osaic’s IT Governance, Risk, and Compliance (GRC) operations across all domains. This role combines foundational knowledge of IT risk and compliance with strong organizational skills to ensure effective governance processes throughout the organization.
In this position, you will assist with IT risk and control management, regulatory compliance, audit readiness, vendor risk management, technical product risk assessments, cybersecurity governance reporting, and exception management. You will work closely with teams across Security, Infrastructure, and Audit, collaborating with other analysts in the IT GRC department to maintain compliance with Osaic’s policies and regulatory requirements.
Education Requirements:
Bachelor’s degree preferred; high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree. Minimum of high school diploma or equivalent is required.
Responsibilities:
- Assist with IT risk and control management by managing the IT risk register, performing risk assessments, documenting IT controls, tracking issues and exceptions, and supporting issue remediation activities.
- Support audit readiness activities prior to formal audits by validating IT control compliance, identifying gaps, and preparing documentation to ensure systems and processes meet regulatory and internal requirements.
- Coordinate audit evidence gathering during active audits by managing evidence requests, collecting and organizing documentation from stakeholders, and ensuring timely delivery to internal and external auditors.
- Contribute to vendor risk management processes by helping review vendor questionnaires, monitor risk ratings, and track remediation actions.
- Assist with technical product risk management by maintaining an inventory of in-house and third-party products, performing or supporting technical product risk assessments, identifying issues and defining action plans, and evaluating product maturity to ensure alignment with security and compliance standards.
- Help maintain IT risk registers and compliance records in the Osaic IT GRC platform.
- Assist with cybersecurity governance reporting and metrics by compiling data on control effectiveness, risk trends, and compliance status for leadership dashboards.
- Support exception management processes by tracking approvals, documenting compensating controls, and monitoring aging of exceptions.
- Maintain and update Osaic’s IT policies to ensure they remain current, accurate, and aligned with regulatory and organizational requirements.
- Assist with security awareness and training initiatives by supporting the development and delivery of programs that promote adherence to policies and best practices across the organization.
- Provide backup coverage for other IT GRC analysts to ensure continuity across IT GRC domains.
- Perform additional IT GRC responsibilities as assigned to support team objectives and compliance obligations.
Basic Requirements:
- 1–3 years of experience in IT, cybersecurity, or compliance.
- Basic understanding of IT risk management, regulatory frameworks, and audit principles.
- Strong organizational and documentation skills with attention to detail.
- Ability to learn quickly and adapt across multiple GRC domains.
- Good communication skills and ability to work in a team environment.
Preferred Requirements:
- Familiarity with GRC platforms.
- Experience supporting IT governance processes and creating governance metrics or dashboards for reporting to leadership or audit committees.
- Exposure to regulatory frameworks such as NYDFS, SEC Reg S-P, or NIST CSF.
- Experience with vendor risk management or third-party risk processes.
- Strong analytical skills for interpreting risk and compliance data.
- Professional certifications such as CompTIA Security+, CRISC, or similar are a plus.