Governance, Risk, and Compliance (GRC) Analyst
Osaic is a company that focuses on IT Governance, Risk, and Compliance operations. The IT GRC Analyst I role is responsible for supporting IT risk and control management, regulatory compliance, and audit readiness, while collaborating with various teams to maintain compliance with organizational policies.ResponsibilitiesAssist with IT risk and control management by managing the IT risk register, performing risk assessments, documenting IT controls, tracking issues and exceptions, and supporting issue remediation activitiesSupport audit readiness activities prior to formal audits by validating IT control compliance, identifying gaps, and preparing documentation to ensure systems and processes meet regulatory and internal requirementsCoordinate audit evidence gathering during active audits by managing evidence requests, collecting and organizing documentation from stakeholders, and ensuring timely delivery to internal and external auditorsContribute to vendor risk management processes by helping review vendor questionnaires, monitor risk ratings, and track remediation actionsAssist with technical product risk management by maintaining an inventory of in-house and third-party products, performing or supporting technical product risk assessments, identifying issues and defining action plans, and evaluating product maturity to ensure alignment with security and compliance standardsHelp maintain IT risk registers and compliance records in the Osaic IT GRC platformAssist with cybersecurity governance reporting and metrics by compiling data on control effectiveness, risk trends, and compliance status for leadership dashboardsSupport exception management processes by tracking approvals, documenting compensating controls, and monitoring aging of exceptionsMaintain and update Osaicβs IT policies to ensure they remain current, accurate, and aligned with regulatory and organizational requirementsAssist with security awareness and training initiatives by supporting the development and delivery of programs that promote adherence to policies and best practices across the organizationProvide backup coverage for other IT GRC analysts to ensure continuity across IT GRC domainsPerform additional IT GRC responsibilities as assigned to support team objectives and compliance obligationsSkillsBachelor's degree preferred; high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degreeMinimum of high school diploma or equivalent is required1β3 years of experience in IT, cybersecurity, or complianceBasic understanding of IT risk management, regulatory frameworks, and audit principlesStrong organizational and documentation skills with attention to detailAbility to learn quickly and adapt across multiple GRC domainsGood communication skills and ability to work in a team environmentFamiliarity with GRC platformsExperience supporting IT governance processes and creating governance metrics or dashboards for reporting to leadership or audit committeesExposure to regulatory frameworks such as NYDFS, SEC Reg S-P, or NIST CSFExperience with vendor risk management or third-party risk processesStrong analytical skills for interpreting risk and compliance dataProfessional certifications such as CompTIA Security+, CRISC, or similar are a plusBenefitsHealth, vision, dental insurance401kPaid time awayVolunteer daysCompany OverviewOsaic provides the support, resources, and community designed for the future of wealth management. It was founded in 2016, and is headquartered in Phoenix, Arizona, USA, with a workforce of 1001-5000 employees. Its website is https://osaic.com/.