Job Title: Senior GRC Analyst
Division: Governance, Risk & Compliance – IT Security
Position Summary
The Senior GRC Analyst will act as a key contributor to Vertiv’s Governance, Risk, and Compliance initiatives, driving risk assessments, security reviews, audit readiness, and third-party risk management efforts. This role supports continuous improvement of the risk register and policy exception processes, partners with cross-functional stakeholders, and helps develop a scalable security and compliance posture across the organization.
Key Responsibilities
- Lead IT risk assessments, mitigation planning, and control monitoring activities.
- Oversee risk register updates and coordinate with risk owners and SMEs to track mitigation actions.
- Drive third-party risk reviews and assessments using OneTrust and SecurityScorecard, escalating high-risk vendors for action.
- Conduct contract reviews focused on information security terms and recommend necessary revisions.
- Respond to customer security questionnaires with input from SMEs using Loopio.
- Supervise compliance training rollouts (e.g., phishing campaigns, annual security awareness training).
- Review and recommend changes to IT security policies and standards aligned with ISO 27001, NIST CSF, and other frameworks.
- Support internal and external audits by gathering evidence and assisting with SOX and ISO audit readiness.
- Generate and present GRC dashboards and KPIs to leadership to inform risk posture and team performance.
- Act as an escalation point for GRC process inquiries and ticket-related exceptions.
- Mentor junior analysts and support GRC program maturity through playbooks, SOPs, and process documentation.
Qualifications
- Bachelor’s degree in Information Systems, Cybersecurity, or a related field.
- 5+ years of experience in GRC, IT Risk Management, or Information Security.
- Strong understanding of ITGC, SOX, ISO 27001, NIST CSF, and data privacy regulations (e.g., HIPAA, GDPR).
- Experience with GRC platforms such as ServiceNow GRC, OneTrust, and SecurityScorecard.
- Strong documentation and analytical skills with experience preparing audit-ready evidence.
- Certifications such as CISA, CISSP, ISO 27001 Lead Implementer or Auditor (preferred).
- Excellent communication and stakeholder management skills across global teams.
- Strong organizational skills and ability to manage multiple deliverables independently.