Job Title: Lead GRC Analyst
Type: FTE
Location: Irving, TX (4 days on-site, 1 day remote)
Summary:
The Lead GRC Analyst will play a pivotal role in strengthening enterprise-wide governance, risk, and compliance operations across our client's three business units: homebuilding, mortgage, and title. This role focuses on policy management, third-party risk assessments, IT audits, and vulnerability scanning. The ideal candidate will bring deep technical expertise, a strategic mindset, and the ability to work cross-functionally with diverse stakeholders to uphold cybersecurity and regulatory standards.
Key Responsibilities:
- Manage and maintain IT and security policies in alignment with regulatory frameworks
- Conduct comprehensive risk assessments and internal IT audits across business units
- Lead Third-Party Risk Management (TPRM) efforts using tools such as OneTrust and SecurityScorecard
- Document and track vendor onboarding activities, including risk evaluations and remediation plans
- Analyze complex data sets using Excel (filters, pivot tables) to support decision-making and reporting
- Interface with internal stakeholders to identify, communicate, and remediate compliance issues
- Perform vulnerability scans and shift-left scanning to proactively identify risks
- Collaborate cross-functionally with teams across homebuilding, mortgage, and title divisions
- Support infrastructure security across both on-prem and cloud environments (AWS, Azure, GCP)
- Apply NIST 800-171 and NIST 800-53 standards to secure sensitive and federal information systems
- Provide guidance on operating systems including Windows and Linux (RHEL, Ubuntu, Debian, CentOS)
- Contribute to GRC program enhancements and support audit readiness initiatives
Qualifications & Experience:
- Bachelor's degree in Information Technology, Information Security, or related field
- Strong experience in Governance, Risk, and Compliance (GRC)
- Strong experience in cybersecurity risk assessment and vendor onboarding
- Strong experience conducting internal or IT audits
- Strong policy management experience and familiarity with regulatory frameworks
- Proficiency in Excel for data analysis and reporting
- Experience with NIST 800-171 (primary) and NIST 800-53 standards
- Solid understanding of operating systems and infrastructure (Windows, Linux, Unix)
- Exposure to cloud platforms including AWS, Azure, and GCP
- Experience using Rapid7 for vulnerability scanning and risk analysis
- Strong communication and stakeholder engagement skills
- Ability to work independently and collaboratively across technical and business teams
Preferred Skills & Certifications:
- Experience with GRC tools such as Archer, ServiceNow GRC, AuditBoard
- Familiarity with PCI DSS standards and secure data handling practices
- ITIL Certification or other relevant security/GRC certifications
- Exposure to project management tools (Jira, Confluence, Azure DevOps)
- Experience conducting modality or mobility curve assessments
- Background in systems administration or infrastructure security