[Remote] Cyber Security Analyst
Note: This is a remote position open to candidates in the USA. S Piper Staffing LLC is seeking a Senior Cybersecurity Governance, Risk, and Compliance (GRC) Analyst to support their Information Security team. This role involves advancing GRC maturity, supporting Privacy Operations initiatives, and assisting with annual PCI compliance activities.
Responsibilities
- Support Governance, Risk, Compliance (GRC) and Privacy Operations teams with day-to-day program activities and strategic initiatives
- Assist with preparation, coordination, and support of annual PCI compliance audits
- Maintain and enhance the organization's common control framework to ensure controls remain current, effective, and consistently applied
- Monitor compliance with cybersecurity standards and requirements through control testing, assessments, and reviews
- Document findings, identify control gaps, communicate risks, and track remediation efforts through resolution
- Develop and maintain information security risk registers and support enterprise risk reporting activities
- Conduct third-party security and compliance assessments and provide risk-based recommendations
- Build and maintain metrics, dashboards, and reporting that communicate compliance performance, risk trends, and program effectiveness
- Improve and streamline governance, risk, compliance, and privacy processes through documentation, automation, and process optimization
- Support AI governance, privacy, and security review activities by identifying risks, recommending safeguards, and helping implement appropriate controls
- Partner with business and technical stakeholders to align security, privacy, and compliance requirements with organizational objectives
- Monitor changes in laws, regulations, industry standards, and emerging cybersecurity risks
Skills
- 6+ years of progressively responsible experience in Governance, Risk & Compliance (GRC), information security risk management, audit, compliance, privacy, or internal controls
- 4+ years of experience supporting PCI compliance programs, assessments, and audits
- Demonstrated experience building, enhancing, or maturing GRC programs, frameworks, and processes
- 2+ years of experience supporting privacy programs, privacy operations, or privacy compliance initiatives
- Experience designing, testing, documenting, and assessing security or technology controls, including identifying gaps and driving remediation efforts to closure
- Strong knowledge of cybersecurity, risk, and compliance frameworks such as NIST, ISO 27001, SOC 2, and third-party risk management practices
- Experience developing risk metrics, dashboards, and leadership-ready reporting
- Working knowledge of AI governance and associated risk areas, including data privacy, model security, third-party AI usage, bias and fairness considerations, and human oversight requirements
- Experience supporting AI governance, privacy, or security reviews, including AI/GenAI vendor assessments, model risk considerations, AI policy development, or controls implementation
- Experience supporting modern cloud and SaaS environments
- Experience using GRC platforms and related governance, risk, compliance, workflow, or reporting tools
- Experience with Onspring or similar GRC platforms
- Professional certification such as CISSP, CISA, CRISC, CISM, or equivalent
- Strong written and verbal communication skills with the ability to communicate effectively across technical and non-technical audiences
- Highly organized with strong attention to detail and the ability to manage multiple priorities simultaneously
- Proven ability to collaborate across teams, influence stakeholders, and work effectively in a fast-paced environment
- Comfortable navigating ambiguity and helping define scalable processes and best practices
Company Overview