GRC Analyst – SOC & PCI Compliance

Job: GRC Analyst – SOC & PCI Compliance

Location: Remote

We are seeking a Governance, Risk, and Compliance (GRC) Analyst with hands-on experience in SOC 1/2 and PCI DSS compliance. The ideal candidate will be responsible for ensuring that our organization meets security, regulatory, and compliance requirements by evaluating current processes, identifying risk areas, and supporting internal and external audits.

This is not a GRC tool-specific role (e.g., Archer); instead, we are looking for someone with strong knowledge of compliance frameworks, security controls, and audit processes.

• Perform compliance assessments against standards such as SOC 1/2, PCI DSS, and internal policies
• Identify, document, and track compliance risks, gaps, and remediation plans
• Collaborate with cross-functional teams to gather audit evidence and improve controls
• Prepare and support external audits and assessments
• Maintain up-to-date documentation of policies, procedures, and controls
• Assist in developing security and compliance training and awareness materials
• Monitor and report on ongoing compliance activities and regulatory changes

Qualifications:

• 3+ years of experience in GRC, compliance, or IT audit
• Strong understanding of SOC reports (Type I/II) and PCI DSS requirements
• Familiarity with cybersecurity best practices and common control frameworks (e.g., NIST, ISO 27001)
• Experience working with auditors, regulators, or compliance partners
• Excellent written and verbal communication skills
• Ability to analyze complex problems and propose clear solutions

• Mid-Senior level

• Full-time

• Finance

• IT Services and IT Consulting