Junior GRC Analyst (Student Associate)

 Posted an hour ago
     
0-2 years experience
Apply Now

Please mention DailyRemote when applying

AI Summary

Support client assignments by executing structured GRC procedures, including policy standardization, vendor risk assessments, and continuous evidence collection. Manage vulnerability governance reporting and identity hygiene while collaborating on AI-enabled automation for GRC workflows.

Junior GRC Analyst (Student Associate)


Location: TBD (Remote / Hybrid in NC / On‑site)
Employment Type: Hourly rate with Project‑based performance, outcome‑driven (not tied to set daily hours)
Department: Managed GRC Associate Program
Reports To: Senior Manager / Client Engagement Lead


About the Program

Our Managed GRC Associate Program is modeled on the “Tier 1 SOC Analyst” approach applied to Governance, Risk, and Compliance. Student Associates execute structured, repeatable procedures that prepare data for senior decision‑makers—freeing experienced consultants to focus on strategy while building a pipeline of workforce‑ready GRC talent.


The Role

As a Junior GRC Analyst, you will support multiple client assignments under the direction of our senior managers and client stakeholders. Work is outcome‑based—measured by deliverables and quality, not by set hours per day, although you will be paid hourly for your efforts. You’ll develop hands‑on experience across policy operations, third‑party risk management (TPRM), evidence collection, vulnerability governance, identity & access hygiene, and collaboration with AI agents that streamline high‑volume tasks.


What You’ll Do

  • Policy Management & Standardization
    • Tailor, format, and maintain client policies using established templates (e.g., ISO/NIST).
    • Drive annual review cycles: reminders, tracking, and sign‑off capture.
    • Perform initial control mapping (e.g., policy → ISO 27001, NIST CSF/800‑53, CMMC) for senior review.
  • Core GRC Data Maintenance and hygiene
    • Run and manage imports of GRC core data for example
    • Employee / contactor tables
    • Asset tables
    • Exception tables
  • Vendor Risk (TPRM)
    • Coordinate vendor outreach, send questionnaires (e.g., SIG Lite, CAIQ), and follow up to closure.
    • Review customer / client questionnaires and generate AI responses and review
    • Validate documentation (e.g., SOC 2 period/entity scope, bridge letters).
    • Review contracts for standard terms, highlight issues and review with senior GRC team members
    • Apply first‑pass scoring with a key‑answer guide; flag high‑risk responses for escalation.
  • Continuous Evidence Collection
    • Execute monthly “evidence hunts” aligned to frameworks (ISO 27001, SOC 2).
    • Upload artifacts to the GRC platform; trigger compliance alerts when gaps are discovered.
  • Vulnerability Governance
    • Produce weekly SLA reports (e.g., criticals > 14 days), open/route tickets, and track resolution.
    • Reconcile scan coverage vs. asset inventory to identify blind spots.
    • Review exception/false‑positive requests for completeness before senior approval.
  • Identity & Access Hygiene
    • Prepare clean user lists for access reviews; highlight anomalies and terminations.
    • Perform termination checks (HR → AD) to ensure timely account deactivation.
    • Document role‑based access expectations via stakeholder interviews.
  • AI‑Enabled GRC Operations
    • Collaborate on agent design/tuning for: email drafting, evidence triage, tone/sentiment analysis, and process orchestration.
    • Participate in human‑in‑the‑loop oversight to continuously improve agent accuracy and reduce manual effort.


What You’ll Bring (Skills & Qualifications)

  • Education: Current enrollment in a college‑level program (Information Security, Cybersecurity, MIS, or related).
  • Information Security Foundations: Familiarity with core security concepts and controls.
  • Frameworks: Working knowledge of ISO 27001, NIST (CSF/800‑53), SOC 2; ability to map policies/controls.
  • Attention to Detail: Meticulous documentation, artifact validation, and checklist discipline.
  • Inquisitive Mindset: Probing follow‑up questions that clarify vendor/client responses and strengthen outcomes.
  • Communication: Clear, concise writing; professional client/vendor email etiquette.
  • Process & Tools: Comfort with SOPs, ticketing (Jira/ServiceNow), spreadsheets, and GRC platforms (e.g., Vanta, Drata, Archer, ServiceNow).
  • AI Curiosity: Interest in leveraging AI for automation, evidence analysis, and workflow orchestration.
  • Teamwork & Ownership: Ability to work under direction from senior managers and clients; deliver reliable outcomes independently.


Nice‑to‑Have

  • Exposure to TPRM platforms/questionnaires (SIG Lite, CAIQ, Prevalent, OneTrust).
  • Basic data wrangling (Excel/Google Sheets, filters/pivot tables).
  • Familiarity with vulnerability scanners or IAM concepts.


How You’ll Succeed

  • You follow SOPs precisely, document decisions, and escalate when needed.
  • You manage your time around deliverables (not hours) and meet agreed outcomes.
  • You seek feedback, ask clarifying questions, and improve each cycle.


What You’ll Gain

  • Resume‑building experience across real‑world GRC operations.
  • Client exposure and professional references; potential direct‑hire opportunities with clients.
  • Hands‑on participation in AI‑enabled GRC processes with human‑in‑the‑loop mentorship.
  • Structured coaching from senior GRC leaders; clear playbooks and quality reviews.


Compensation & Schedule

  • Paid, outcome‑based engagements with flexible scheduling.
  • Exact compensation, engagement duration, and weekly deliverables will be defined per assignment.


EEO Statement

We are an Equal Opportunity Employer. We welcome applicants from all backgrounds and do not discriminate based on protected characteristics. Candidates must be authorized to work in their applicable jurisdiction and will be considered based on qualifications and ability to perform role responsibilities.

 

Similar Jobs

See all Remote Others jobs →

Personalize your Remote Job Search in 3 Easy Steps!

Discover remote opportunities in Others

Answer easy questions

Answer easy questions

200,000+ jobs across 15+ categories

Get your best job matches

Get your best job matches

Only hand-screened, legit jobs

Find a remote job faster

Find a remote job faster

No ads, scams, or junk

I was the first applicant for a remote marketing position that got listed on the company website the same day I applied. Had an interview within 48 hours!

Sarah J. — Sarah J. · Marketing Manager ★★★★★ Verified