Job Title: Cyber Security GRC Analyst – Governance, Risk & Compliance
Company: Aaratech Inc.
Experience: 4+ years
Compensation: $80,000 – $90,000 per year (Negotiable)
Work Authorization
At this time, we are only able to consider candidates who are authorized to work in the United States without sponsorship.
Job Summary
Aaratech Inc. is seeking a Cyber Security GRC Analyst to support Governance, Risk, and Compliance (GRC) initiatives. In this role, you will help manage security frameworks, support audit readiness, conduct risk assessments, and ensure compliance with industry standards to strengthen the organization's overall security and regulatory posture.
Key Responsibilities
- Support control testing and evidence collection for NIST, ISO 27001, and SOC 2 requirements.
- Conduct compliance gap assessments and track remediation activities.
- Develop and maintain security policies, standards, and compliance documentation.
- Perform third-party and vendor risk assessments.
- Collaborate with IT, Security, and business teams during audit and compliance activities.
- Prepare audit-ready documentation, reports, and compliance evidence.
Qualifications
- Bachelor's degree in Cyber Security, Information Technology, Information Systems, or a related field.
- 4+ years of experience in IT Audit, GRC, Compliance, or Risk Management.
- Working knowledge of NIST, ISO 27001, SOC 2, and security control frameworks.
- Experience supporting audits, compliance initiatives, and policy management.
- Strong organizational, analytical, communication, and problem-solving skills.
Preferred Skills
- CISA certification preferred.
- NIST or ISO 27001 training/certifications.
- Experience with SOC 2 compliance and vendor risk management.
- Certifications such as CRISC, CGRC, or ISO 27001 Lead Implementer/Lead Auditor are a plus.
About Aaratech Inc.
Aaratech Inc. is a technology-driven organization focused on delivering innovative solutions across cybersecurity, healthcare, and enterprise domains. We are committed to protecting digital assets, strengthening security resilience, and enabling organizations to operate securely through advanced technologies, skilled professionals, and collaborative partnerships.
