
Principal Analyst, Governance, Risk & Compliance (GRC)


Position Details

Location: Vernon (Los Angeles), CA (Hybrid or Remote)
Type: Contract (conversion possible)
Department: IT / Information Security / GRC
Reports to: Director / Head, Governance, Risk & Compliance (GRC)
Collaboration: Finance, IT Infrastructure & Applications, Internal Audit, Legal/Privacy, Plant Operations, Supply Chain, HR

Company Overview

Our client is a leading U.S. designer and manufacturer of electrical distribution equipment used in data centers and energy-intensive industrial facilities. The Company specializes in manufacturing custom products that are “engineered-to-order” for technically demanding applications.

About the Role

Our client is hiring a hands‑on Principal GRC Analyst to execute and continuously improve the governance, risk, and compliance program across IT and OT environments. You will run day‑to‑day ISMS operations, drive SOX IT control execution, run access certification cycles using a hybrid reviewer model, mature third‑party risk management, and advance continuous control monitoring. This is a senior individual contributor role designed for candidates with 5–7 years of high‑impact GRC experience who can lead workstreams, mentor teammates, and coordinate vendors, without formal people management.

Key Responsibilities

Governance & ISMS Operations (ISO/IEC 27001)

  • Maintain the ISMS operating rhythm: scope updates, risk assessments, Statement of Applicability (SoA) maintenance, corrective action tracking, and surveillance/certification readiness.
  • Draft, update, and socialize policies/standards/procedures (access control, change management, vulnerability management, secure SDLC, incident response, data retention, supplier security).
  • Prepare decision‑ready materials and follow‑ups for governance forums (Risk & Compliance Steering Committee, CAB, ISO Management Review).

Risk Management (IT & OT)

  • Run risk identification, assessment (qualitative plus FAIR‑lite scenario estimates), treatment planning, and risk acceptance with accountable owners.
  • Maintain cross‑framework mappings (ISO 27001, NIST CSF/800‑53, CIS Controls, SOC 2) to ensure clear control coverage and traceability.

Third‑Party Risk (TPRM/VRM)

  • Execute risk‑tiered vendor due diligence, contractual security/privacy controls, onboarding/offboarding checks, ongoing monitoring, and remediation with business owners and Procurement.
  • Align the program to ISO/IEC 27036 for supplier relationships and partner with Legal on DPAs, security addenda, and privacy clauses (e.g., CCPA/CPRA).

SOX ITGCs & Application Controls

  • Support ownership of SOX 404 controls across IAM, change management, computer operations, and key application controls: scoping, RCM maintenance, walkthroughs, testing, sampling, and remediation tracking across the ERP and in‑scope apps.
  • Ensure audit‑ready evidence quality and timing SLAs; coordinate with Finance and Internal Audit on financial reporting risks.

Access Governance & Hybrid Reviewer Model

  • Run quarterly user access certification campaigns using a hybrid reviewer model, including SoD analysis, exception handling, and revocation SLAs.
  • Align Joiner‑Mover‑Leaver (JML), privileged access, and emergency/firefighter access to policy and control objectives; integrate with the IAM platform and ticketing (Jira).

Tooling, Automation & CCM

  • Configure/administer GRC/IRM tooling and integrate it with IAM, CMDB, SIEM, ticketing, and ERP for automated evidence collection and continuous control monitoring (CCM).
  • Build control analytics for access outliers, change exceptions, and segregation of duties (SoD) conflicts; publish dashboards and alerts.
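The two analytics named above (SoD conflict detection for the access certification campaigns, and access‑outlier detection for CCM) can be prototyped directly over an IAM entitlement export before they are wired into a GRC platform. The following is an added example written for this page, not code from the client or from any named product; the entitlement rows, role names, SoD rule set and exception register are all constructed for illustration. It also shows the edge case a certification reviewer cares about: an approved SoD exception that has passed its expiry date must surface again as an open finding rather than stay suppressed.

```python
"""SoD conflict and access-outlier analytics over a constructed IAM entitlement export.

Input shape assumed: one row per (user_id, department, role), as a typical
IAM/ERP role-assignment export would provide after flattening.
"""
from collections import defaultdict
from datetime import date

# Constructed sample export (not real data).
ENTITLEMENTS = [
    ("u001", "Finance", "AP_INVOICE_ENTRY"),
    ("u001", "Finance", "AP_PAYMENT_RELEASE"),   # SoD conflict, covered by an expired exception
    ("u002", "Finance", "AP_INVOICE_ENTRY"),
    ("u003", "Finance", "AP_INVOICE_ENTRY"),
    ("u004", "Finance", "AP_PAYMENT_RELEASE"),
    ("u005", "Finance", "AP_INVOICE_ENTRY"),
    ("u006", "Plant Ops", "PLC_ENGINEER"),
    ("u007", "Plant Ops", "PLC_ENGINEER"),
    ("u008", "Plant Ops", "PLC_ENGINEER"),
    ("u009", "Plant Ops", "PLC_ENGINEER"),
    ("u009", "Plant Ops", "AP_PAYMENT_RELEASE"),  # outlier: a finance role in Plant Ops
    ("u010", "IT", "SAP_BASIS_ADMIN"),
    ("u010", "IT", "CHANGE_APPROVER"),            # SoD conflict: implements and approves changes
]

# Hypothetical SoD rule set: unordered role pairs one person must not hold together.
SOD_RULES = {
    frozenset({"AP_INVOICE_ENTRY", "AP_PAYMENT_RELEASE"}): "Create and release payment on a vendor invoice",
    frozenset({"SAP_BASIS_ADMIN", "CHANGE_APPROVER"}): "Implement and approve own production change",
}

# Hypothetical exception register: (user, rule) -> expiry date of the approved exception.
EXCEPTIONS = {
    ("u001", frozenset({"AP_INVOICE_ENTRY", "AP_PAYMENT_RELEASE"})): date(2025, 6, 30),
}


def roles_by_user(rows):
    """Collapse the export into user -> set of roles."""
    roles = defaultdict(set)
    for user, _dept, role in rows:
        roles[user].add(role)
    return roles


def find_sod_conflicts(rows, rules=SOD_RULES, exceptions=EXCEPTIONS, as_of=date(2025, 9, 30)):
    """Return (user, (role_a, role_b), description, status) for every rule hit.

    status is OPEN, EXCEPTION_ACTIVE or EXCEPTION_EXPIRED. Expired exceptions are
    deliberately kept in the result so they are re-reviewed, not silently dropped.
    """
    findings = []
    for user, roles in sorted(roles_by_user(rows).items()):
        for pair, description in rules.items():
            if not pair <= roles:          # user must hold both roles of the pair
                continue
            expiry = exceptions.get((user, pair))
            status = "OPEN"
            if expiry is not None:
                status = "EXCEPTION_ACTIVE" if expiry >= as_of else "EXCEPTION_EXPIRED"
            findings.append((user, tuple(sorted(pair)), description, status))
    return findings


def find_access_outliers(rows, max_prevalence=0.3, min_dept_size=3):
    """Flag (user, dept, role, prevalence) where few peers in the same department hold the role.

    Departments smaller than min_dept_size are skipped: with one or two people
    there is no peer group to define "normal" access, so every role would look rare.
    """
    dept_users = defaultdict(set)
    role_holders = defaultdict(set)        # (dept, role) -> users holding it
    for user, dept, role in rows:
        dept_users[dept].add(user)
        role_holders[(dept, role)].add(user)

    outliers = []
    for (dept, role), holders in sorted(role_holders.items()):
        size = len(dept_users[dept])
        if size < min_dept_size:
            continue
        prevalence = len(holders) / size
        if prevalence <= max_prevalence:
            for user in sorted(holders):
                outliers.append((user, dept, role, round(prevalence, 2)))
    return outliers


if __name__ == "__main__":
    for finding in find_sod_conflicts(ENTITLEMENTS):
        print("SoD:", *finding)
    for outlier in find_access_outliers(ENTITLEMENTS):
        print("Outlier:", *outlier)
```

The prevalence threshold and minimum peer-group size are tuning knobs: a plant with four PLC engineers gives a meaningful baseline, a one-person IT department does not, and the reviewer should see that distinction rather than a flood of single-member "outliers".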

Audits & Assurance

  • Execute internal audits (ISO 27001 clauses/Annex A, policy/process adherence) and coordinate external audits (SOX, ISO surveillance/certification, SOC 2 as applicable).
  • Perform walkthroughs, sample selection, operating effectiveness testing, issue documentation, and sustainable remediation verification.

Incident, BCP/DR & Privacy Collaboration

  • Ensure incident response governance produces audit‑ready artifacts (playbooks, post‑incident reviews, root cause, corrective actions).
  • Support BCP/DR governance (BIA updates, test planning/execution, lessons learned).
  • Partner with Legal/Privacy on data protection and records retention; align supplier agreements with privacy obligations.

Qualifications

Education

  • Bachelor’s degree in Information Systems, Computer Science, Engineering, Accounting/Finance, or a related field preferred.

Experience

  • 5–7 years of experience in IT Audit/Controls, GRC, or Information Security Risk, including executing ISO 27001 and SOX control activities.
  • Hands‑on ISMS work (SoA maintenance, internal audit coordination, corrective actions, awareness/training support).
  • SOX 404 involvement across IAM, change, computer operations, and application controls (RCM maintenance, testing, and remediation tracking) in the ERP and key applications.
  • Practical use of GRC/IRM platforms and their integrations with IAM, CMDB, SIEM, ticketing, and vulnerability management tools.
  • Comfort with data/evidence: logs, configuration exports, ERP control parameters; Power BI/SQL for CCM or audit analytics is a plus.

Certifications (Preferred)

  • ISO/IEC 27001 Lead Implementer or Internal Auditor
  • CISA, CRISC, CISM/CISSP (any one is a plus)
  • ITIL; FAIR training a plus

Skills & Competencies

  • Strong control design, documentation, and testing skills with precision in scoping and remediation tracking.
  • Clear, concise communication; able to translate technical risk for non‑technical stakeholders and produce executive‑ready content.
  • Influences without authority; collaborates with Finance, IT, Plant Ops, and external auditors.
  • Continuous improvement mindset; balances compliance rigor with business sense.

Travel & Work Environment

  • ~10% travel to manufacturing plants, data centers, and corporate offices for audits, walkthroughs, and stakeholder workshops.

Compensation & Benefits

  • Competitive base salary and bonus. Comprehensive benefits package.

The recruiting firm is a wholly owned subsidiary of Blackstone Technology Group, a global IT services and software firm that implements technological solutions across multiple industry verticals and the US Federal Government. Blackstone's global talent augmentation practice was founded in 1998. The firm has offices in San Francisco, Denver, Houston, Colorado Springs, and Washington, DC, and specializes in providing clients the best talent across a variety of industries and sectors.
