GRC Analyst - HEATH CONSULTANTS : Job Details

GRC Analyst

HEATH CONSULTANTS

Job Location: Houston, TX, USA

Posted on : 2025-08-05T07:40:40Z

Job Description :

Since 1933, Heath Consultants Incorporated has been the leading provider of services and equipment to the natural gas and utility industry. Heath develops and manufactures its equipment in its own world-class facility located in Houston, TX.

The GRC Analyst updates and maintains control spreadsheets, provides suggestions to management, and ensures compliance with internal controls, legal requirements, and security guidelines. They support audits by supplying relevant documentation and work under the Information Security Assessment Specialist to secure all protected information. The analyst collaborates across departments to identify and resolve security issues, recommending improvements to enhance the organization's overall security posture.

Candidates MUST be local to the Houston, TX area or be willing to relocate to Houston to be considered, as this is a HYBRID ROLE.

Key Responsibilities:

  • Design and implement cybersecurity risk management and security assessment programs.
  • Conduct risk analysis to improve policies, controls, and compliance processes.
  • Collaborate with teams to guide remediation and ensure alignment with frameworks (NIST, SOC 2, CIS).
  • Identify vulnerabilities and monitor ongoing compliance across systems.
  • Automate and streamline GRC workflows, including risk evaluations and control testing.
  • Develop dashboards, metrics, and documentation to support audits and reporting.
  • Support security incident response, including investigation, forensics, and containment.
  • Monitor threats and activate incident response plans as needed.
  • Support insider threat detection and deliver security awareness training.
  • Evaluate third-party and vendor risks through due diligence assessments.
  • Conduct enterprise risk assessments and maintain risk registers.
  • Ensure compliance with data privacy regulations (e.g., GDPR, CCPA).
  • Coordinate audit readiness and track remediation of findings.
  • Promote a culture of risk awareness and responsible decision-making.
  • Align GRC programs with new technologies and digital initiatives.
  • Perform additional tasks and special projects as assigned.
Competencies:
  • Cyber Security Compliance.
  • Cyber Security Risk Assessment.
  • Cyber Security Customer Support.
  • Vulnerability and Penetration Testing.
  • Cyber Security Threat Management.
  • Cyber Security Monitoring and Reporting.
Knowledge, Skills, and Experience:
  • Bachelor's degree in IT or related field, or equivalent work experience within compliance, information security, auditing, and/or consulting
  • Ability to positively contribute and look for opportunities to improve upon existing processes or procedures.
  • Possess a high standard of ethics and operate with integrity and professionalism.
  • Broad understanding of cloud security, risk assessment, GRC, IAM, SDLC, penetration testing, incident response & forensics, and related cybersecurity solutions
  • Good written and oral communication and influencing skills.
  • Experience with Identity Access Management tools and Role-Based Access Controls is a plus.
  • Experience with Governance, Risk, and Compliance solutions such as Auditboard is a plus.
  • Industry certifications such as CISA, CRISC, GCIH, CIA, or equivalent are a plus.
  • Understanding of general IT controls and the ability to analyze data and interpret results.
  • Familiarity with industry frameworks and standards, such as NIST CSF, ISO, COBIT5/2019, SOC2, GDPR, PCI, etc.
Work Environment and Physical Requirements:
  • Dependable, with the flexibility to work weekends, evenings, nights, and holidays.
  • Heath's IT is a 24/7/365 department: when an employee needs assistance, they are provided with the proper channels based on normal working hours, expanded working hours, or emergency support hours.
  • Hybrid Work Schedule (3 days on site)
  • Sitting for extended periods.
  • Dexterity of hands and fingers to operate a computer keyboard, mouse, power tools, and to handle other computer components.
  • Occasional inspection of cables in floors and ceilings.
  • Lifting and transporting moderately heavy objects, such as computers and peripherals.
Salary: $80,000-$88,000.00 per year