GRC Analyst
Aqueduct Technologies is seeking a GRC Analyst to join our Governance, Risk, and Compliance (GRC) team. Reporting directly to the Director of GRC, this role plays a pivotal part in designing, executing, and maturing our clients’ security and compliance programs.
This is an analyst to mid level position designed for a GRC professional who is ready to take ownership of key workstreams while continuing to develop under senior leadership guidance. You will work directly with clients in a consulting environment, contributing to meaningful security improvements across diverse industries.
As part of our growing GRC practice, you will:
- Support and progressively lead client compliance engagements
- Contribute to the development of Aqueduct’s GRC service offerings
- Assist with internal compliance initiatives and audit readiness activities
What You’ll Do:
- Compliance Readiness and Assessments:
- Support and conduct readiness assessments aligned to frameworks such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, and CMMC
- Identify control gaps and provide practical, risk based remediation recommendations
- Assist clients in preparing for external audits and certification efforts
- Risk Assessments:
- Perform organizational risk assessments and document risk findings
- Evaluate control effectiveness and recommend mitigation strategies aligned with business objectives
- Maintain risk registers and support risk reporting processes
- Third Party Risk Management:
- Conduct vendor risk assessments and due diligence reviews
- Support the development and maintenance of third party risk programs
- Assist with ongoing monitoring activities and documentation
- Client Reporting and Communication:
- Prepare clear, structured reports summarizing findings, risks, and recommended actions
- Present results to client stakeholders with guidance from senior team members
- Translate technical findings into business relevant insights
- Collaboration and Internal Support:
- Work closely with security operations, engineering, and account teams to align GRC initiatives
- Support internal compliance initiatives including SOC 2 readiness and audit activities
- Contribute to documentation development, templates, and process improvement efforts
- Professional Development:
- Stay current on evolving cybersecurity risks, regulatory requirements, and industry standards
- Expand expertise across multiple frameworks and advisory domains
What We’re Looking For:
- Core Competencies:
- Strong written and verbal communication skills
- Analytical thinking and attention to detail
- Ability to manage multiple client workstreams in a consulting environment
- Professional presence in client facing situations
- Technical and Compliance Experience:
- Experience supporting or conducting assessments across one or more major frameworks such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, or CMMC
- Working knowledge of risk assessment methodologies
- Familiarity with third party risk management concepts and processes
- Foundational understanding of Zero Trust principles and modern security architecture concepts
- Professional Background:
- 3 or more years of experience in information security with exposure to GRC functions
- Experience in consulting, advisory, or managed services environments preferred
- Experience with GRC platforms such as ServiceNow GRC, Archer, Drata, Vanta, or similar tools is a plus
- Certifications:
- One or more of the following certifications is preferred but not required:
- CISA
- CISM
- CRISC
- CISSP
- CCSP
- Work Model:
- Ability to work in a hybrid model in the Canton, MA area
- Willingness to travel locally for client engagements as needed
Growth Opportunity
- This role offers a clear path toward Senior GRC Consultant responsibilities. Analysts who demonstrate strong client delivery, technical depth, and engagement ownership will have opportunities to lead larger assessments, mentor junior team members, and expand into broader advisory engagements.
