GRC Analyst
Location: Hybrid in Allen, TX (3 days in the office, 2 days remote)
Type: Full-time / Direct-hire
We are seeking an experienced Governance, Risk & Compliance Analyst to build and lead our SOC 2 compliance program from the ground up. This is a newly created role and will serve as the primary IT-focused GRC resource for the organization.
This position will own the SOC 2 journey while managing ongoing risk, audit, vendor, and policy initiatives.
What You'll Do
Lead and manage the organization's SOC 2 Type 1 and Type 2 certification efforts end-to-end
Conduct gap assessments and implement controls aligned to SOC 2 Trust Services Criteria
Partner with external audit firms and manage audit timelines, documentation, and evidence
Build and maintain a centralized audit evidence repository
Develop, update, and maintain IT security policies and governance documentation
Conduct vendor risk assessments and third-party security reviews
Maintain and manage the enterprise IT risk register
Perform ongoing control testing and monitoring
Support internal and regulatory audits as needed
Advise leadership on risk posture and remediation strategies
What We're Looking For
5+ years of hands-on experience in information security with a focus on risk and compliance
Direct experience owning or leading SOC 2 audits
Strong knowledge of NIST frameworks and control mapping
Experience managing third-party auditors and compiling audit evidence
Background in vendor risk management (TPRM)
Ability to operate independently in a standalone GRC role
Strong communication skills with both technical and executive stakeholders
Bachelor's degree in Cybersecurity, Risk, IT, or related field preferred
Certifications such as CISSP, CISA, CRISC, or similar are a plus
Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual's skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes that the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company's 401(k) retirement plan.

Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filling is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions.

Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be performed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.