Overview
This role reports into Technology GRC leadership and supports delivery across Advisory Services, the enterprise Risk Register, and Policy Governance. The Senior GRC Analyst executes risk and compliance activities with a high degree of independence and contributes to maturing the team's processes and documentation.
The role partners with AI agents in a human-in-the-loop model, using AI-assisted workflows to accelerate evidence gathering, risk documentation, and control narratives while validating outputs for accuracy.
Responsibilities
- Advisory Services
- Provide cross-functional risk and control guidance on process improvement, post-implementation reviews, and remediation activities.
- Support stakeholders in interpreting requirements and embedding controls into business processes.
Risk Register
- Maintain Risk Register entries across assigned technology domains, ensuring risks are documented, owned, risk-rated, and tracked through closure.
Policy Governance
- Support policy authoring, review cadence, and exception intake, keeping policies aligned to regulatory and industry frameworks.
AI-Augmented Delivery
- Use AI-assisted workflows (human-in-the-loop) to accelerate evidence collection, risk documentation, and control narratives, validating AI output for accuracy and confidentiality.
Control Testing & Evidence
- Perform control testing and evidence collection for SOC 2, PCI DSS, and SOX ITGC programs, mapping findings to applicable framework requirements.
Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, Risk Management, Accounting, Finance, or a related field.
- Minimum 4+ years in GRC, technology risk, IT audit, or compliance.
- Solid working knowledge of risk registers, policy governance, and advisory support within a regulated or SaaS environment.
- Working proficiency with AI-assisted tools to draft and review risk and control content, with judgment on when to validate.
- Familiarity with NIST CSF 2.0, COBIT 2019, COSO ERM, and ISO 31000.
- Strong written communication and attention to detail.
- Relevant certifications preferred (e.g., CRISC, CISA, or progress toward them).
- Working experience with GRC tooling (e.g., ServiceNow IRM, AuditBoard, OneTrust, Vanta, Drata) and control testing/evidence collection.
- Familiarity with cloud/hybrid environments (AWS, Azure) and major frameworks (SOC 2, PCI DSS, ISO 27001, NIST CSF 2.0).
- Preferred experience in the Property Management, Multifamily Housing, SaaS, FinTech, or PropTech industries.
Willing to work in 2PM to 11 PM IST hours.
