LogRhythm
Security GRC Analyst
United States
Requirements
Bachelor's degree in Information Security, Risk Management, Business, or a closely related field required
3-5+ years of experience in Information Security, GRC, Risk Management, or Compliance
Proven experience supporting compliance frameworks (e.g., NIST 800-171/53, CMMC, ISO 27001, SOC 2, FedRAMP)
Demonstrated experience leading or supporting compliance programs and internal/external audits
Excellent problem-solving, analytical, and critical thinking skills
Ability to collaborate across Legal, Security, Product, and Engineering teams in a fast-paced environment
Responsibilities
The Security GRC Analyst is a key member of Exabeam’s Governance, Risk, and Compliance (GRC) team. This role is responsible for leading and supporting critical components of the company’s cybersecurity compliance programs, third-party risk management processes, and governance initiatives. The ideal candidate will have deep familiarity with regulatory and industry frameworks such as CMMC, NIST, and ISO 27001, and be comfortable working cross-functionally with Legal, Product, and Security stakeholders.
Lead the strategy, execution, and continuous improvement of the company’s compliance program, including gap assessments, remediation plans, and policy documentation
Develop, update, and maintain cybersecurity policies, standards, and procedures in alignment with NIST, CMMC, and ISO 27001 frameworks
Serve as a liaison to external consultants, auditors, and government partners on matters related to CMMC, ISO 27001, and other compliance efforts
Collaborate with Legal during the contract negotiation process, including providing risk-based feedback and proposed alternatives for security/privacy-related terms