GRC Analyst

Who are we Fulcrum Digital is an agile and next-generation digital accelerating company providing digital transformation and technology services right from ideation to implementation. These services have applicability across a variety of industries, including banking & financial services, insurance, retail, higher education, food, healthcare, and manufacturing. Job Summary We are seeking a detail-oriented and analytical GRC Analyst to support the organization’s governance, risk management, and compliance initiatives. The ideal candidate will help identify risks, ensure regulatory compliance, support audit processes, and strengthen internal controls to protect the organization’s assets and reputation. Key Responsibilities Governance Support development and maintenance of security policies, standards, and procedures Ensure alignment with industry frameworks (e.g., ISO 27001, NIST, SOC 2) Assist in policy awareness and training initiatives Risk Management Conduct risk assessments and maintain risk registers Identify, analyze, and document security and operational risks Track remediation plans and risk mitigation efforts Support third-party/vendor risk assessments Compliance Monitor compliance with regulatory and industry requirements (e.g., GDPR, HIPAA, PCI-DSS as applicable) Assist with internal and external audits Collect and maintain evidence for compliance reporting Coordinate remediation of audit findings Reporting & Documentation Prepare risk and compliance reports for management Maintain documentation of controls and audit artifacts Track KPIs and KRIs Required Qualifications Bachelor’s degree in Information Security, Cybersecurity, IT, Risk Management, or related field 2–5 years of experience in GRC, risk management, compliance, or IT audit Knowledge of security frameworks (ISO 27001, NIST, SOC 2, etc.) Understanding of regulatory requirements (GDPR, HIPAA, PCI-DSS, etc.) Strong analytical and documentation skills Preferred Qualifications Mandatory - Certifications such as CISA, CRISC, CISM, ISO 27001 Lead Implementer/Auditor Experience with GRC tools (e.g., Archer, ServiceNow GRC) Experience working with cloud environments (Azure, AWS, GCP) Knowledge of cybersecurity controls and risk methodologies Key Skills Risk assessment and analysis Policy and control documentation Audit coordination Strong communication and stakeholder management Attention to detail Ability to work independently and manage multiple priorities Work Environment Full-time position Hybrid/Remote (as applicable) Cross-functional collaboration with IT, Security, Legal, and Business teams