Information Security GRC Analyst

Information Security GRC Analyst

About the Role:

United Community is seeking an Information Security GRC Analyst to support our cybersecurity and risk management initiatives. This role plays a key part in conducting access reviews, evaluating third-party vendors, and strengthening our governance, risk, and compliance (GRC) posture. You’ll collaborate across IT, TPRM, and GRC teams to ensure our systems, vendors, and users align with internal security standards and regulatory requirements.

What You’ll Do:

• Conduct periodic User Access Reviews (UARs) and Privileged Access Reviews (PARs) to enforce least privilege principles.
• Evaluate third-party vendors for information security compliance in partnership with the TPRM team.
• Support control testing, documentation, and governance activities alongside the GRC Lead and Controls Testing Analyst.
• Contribute to email security initiatives, including phishing simulations and reporting.
• Assist in developing and delivering cybersecurity training and awareness programs.
• Identify and implement automation opportunities to streamline GRC workflows.
• Document findings and track remediation efforts related to access, vendor, and control risks.
• Ensure compliance with internal policies and external regulations (e.g., SOX, GLBA).
• Support internal and external audits related to access control and vendor management.
• Stay current on industry best practices, regulatory changes, and emerging technologies.

What We’re Looking For:

• Experience:

• 1–3 years in cybersecurity, IT operations, or risk management.
• Exposure to third-party risk evaluations and email security practices.
• Experience supporting cybersecurity training and awareness programs.

• Education:

• Bachelor’s degree preferred in Information Assurance, Computer Science, Cybersecurity, or a related field.
• Equivalent education or experience may be considered.

• Required Skills:

• Familiarity with vendor security evaluations and collaboration with TPRM teams.
• Strong communication skills and ability to work across technical and business teams.
• Detail-oriented, organized, and adaptable to shifting priorities.
• Demonstrated flexibility in a dynamic, cross-functional environment.

• Preferred Skills:

• Hands-on experience with UARs and PARs.
• Working knowledge of automation tools (e.g., LogicGate, ServiceNow).
• Understanding of GRC frameworks (CIS CSC, NIST CSF, COBIT, CRI).
• Certifications such as Security+, ISC2 Certified Cybersecurity (CC), or ISACA Cybersecurity Fundamentals.

Travel:

• Up to 5% travel required.

Supervisory Responsibility:

• This position does not have direct supervisory responsibilities.

Conditions of Employment:

• Must be able to pass a criminal background & credit check
• This is a full-time, non-remote position

FLSA Status: 

• Exempt

This is a full-time role based in a professional office environment, with up to 5% travel and schedule flexibility for evenings and weekends. The position does not include supervisory responsibilities.

We are proud to be an Equal Opportunity Employer. Reasonable accommodations are available to support individuals with disabilities in performing essential job functions.