Job Description
Senior GRC Analyst
Department: Information Security / Risk & Compliance
We're looking for a
Senior Governance, Risk, and Compliance (GRC) Analyst to strengthen our risk management and compliance programs. In this role, you'll partner with IT, security, legal, and business leaders to ensure regulatory compliance, reduce risks, and enhance governance practices across the organization.
What You'll Do
- Lead risk assessments and manage third-party/vendor risk.
- Maintain compliance with frameworks (ISO 27001, NIST, SOC 2, GDPR).
- Support internal and external audits (SOC 2, ISO 27001, etc....).
- Develop and update security policies, standards, and procedures.
- Provide compliance training and promote a culture of risk awareness.
- Build reports/dashboards to communicate compliance and risk status to leadership.
Governance & Policy Development
- Develop, update, and maintain security and compliance policies, standards, and procedures.
- Ensure alignment with industry frameworks such as ISO 27001, NIST CSF, SOC 2, HIPAA, PCI-DSS, and GDPR.
- Educate business units on compliance requirements and governance standards.
Risk Management
- Lead enterprise and IT risk assessments, identifying, evaluating, and prioritizing risks.
- Recommend and track remediation plans to address control gaps and vulnerabilities.
- Manage third-party/vendor risk assessments and ongoing due diligence.
Compliance & Audit Readiness
- Support internal and external audits (e.g., SOC 2, SOX, PCI-DSS).
- Maintain compliance evidence repositories and audit documentation.
- Monitor changes in regulations and industry standards to ensure ongoing compliance.
Security Awareness & Training
- Contribute to compliance training and awareness programs for employees.
- Promote a culture of compliance and risk awareness across the organization.
Metrics & Reporting
- Develop dashboards and reports that communicate risk and compliance status to leadership.
- Provide recommendations for improving governance and compliance maturity.
What We're Looking For
- 57+ years in GRC, risk management, or compliance (with senior/lead experience).
- Strong knowledge of regulatory frameworks and risk methodologies.
- Experience with GRC tools such as Vanta, Drata, etc....
- Proven ability to work collaboratively, resolve challenges strategically, and communicate complex ideas with clarity in both written and spoken formats.
- Certifications such as CGRC, CISSP, CISM, CRISC, or CISA are a plus.
Why Join Us
- Shape and grow our GRC program.
- Work with leadership on high-impact initiatives.
- Competitive salary, benefits, and professional growth opportunities.
At Nextpower, we are driving the global energy transition with an integrated clean energy technology platform that combines intelligent structural, electrical, and digital solutions for utility-scale power plants. Our comprehensive portfolio enables faster project delivery, higher performance, and greater reliability, helping our customers capture the full value of solar power. Our talented worldwide teams are redefining how solar power plants are designed, built, and operated every day with smart technology, data-driven insights, and advanced automation. Together, we're building the foundation for the world's next generation of clean energy infrastructure.
We are Nextpower 
