Senior Cybersecurity GRC Analyst

OPSWAT, a global leader in IT, OT, and ICS critical infrastructure cybersecurity, delivers an end-to-end platform that gives public and private sector organizations and enterprises the critical advantage needed to protect their complex networks, secure their devices, and ensure compliance. Over the last 20 years our commitment to innovative technology has earned the trust of more than 1,700 organizations, governments, and institutions globally, solidifying our role in protecting the world’s critical infrastructure and securing our way of life.

The Position

We are seeking a highly skilled Senior GRC Analyst to join our dynamic cybersecurity team at OPSWAT. In this role, you will lead critical security and privacy compliance initiatives, ensuring that our organization adheres to industry standards, regulatory requirements, and internal policies. You will be instrumental in shaping our governance, risk management, and compliance (GRC) framework, focusing on protecting data confidentiality, integrity, and availability.

As a senior member of the GRC team, you will collaborate across technical and non-technical teams, drive policy development, manage security investigations, and oversee audit activities. Your expertise will support OPSWAT’s mission to maintain robust security certifications, meet vendor onboarding requirements, and proactively respond to evolving cyber threats.

What You Will be Doing

• Lead the development, review, and enforcement of security policies, procedures, and processes to ensure compliance with regulatory mandates (e.g., GDPR, CCPA) and industry standards such as NIST CSF, CIS18, ISO 27001, and SOC 2.
• Oversee the implementation and administration of GRC tools and platforms, driving automation to enhance compliance workflows and reporting.
• Manage and conduct complex security investigations, maintaining chain of custody and ensuring thorough documentation.
• Analyze security logs and data sets to identify anomalies, potential threats, and compliance gaps.
• Collaborate closely with IT, Cloud Operations, DevOps, and other technical teams to align security and privacy policies with technology infrastructure.
• Lead internal audits related to security policies and regulatory standards, identifying risks and driving remediation efforts.
• Coordinate responses to customer security questionnaires and vendor risk assessments, ensuring timely and accurate fulfillment.
• Develop and maintain data workflows, dashboards, and metrics to monitor GRC status and support decision-making.
• Handle personal data requests and privacy compliance activities in accordance with GDPR, CCPA, and other relevant regulations.

What We Need from You 

• Proven experience (3+ years) in governance, risk, and compliance within cybersecurity or information security environments.
• Deep understanding of security frameworks such as NIST CSF, ISO 27001, SOC 2, and CIS Controls (CIS18), as well as privacy regulations including GDPR and CCPA.
• Technical understanding and background related to Information Systems, firewalls, Cloud environments, and networking technologies.
• Hands-on experience with GRC tools implementation, administration, and automation.
• Skilled in policy writing, internal audits, security investigations, and data analysis using queries and dashboards.
• Excellent organizational, project management, and communication skills, with the ability to engage both technical and non-technical stakeholders.
• Self-motivated, resourceful, and eager to stay current with emerging security threats and compliance trends.

OPSWAT is an equal opportunity employer. We celebrate diversity and are committed to providing an environment where equal employment opportunities are extended to all employees and applicants, free of discrimination and harassment of any type. All employment decisions are based on individual qualifications, job requirements, and business needs without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other category protected by federal, state, or local laws.

Recruiting Agencies: we do not accept unsolicited resumes from third party agencies for any of our open positions. To submit resumes for our jobs, there must be a recruiting contract approved by our legal team and endorsed by both parties. We are currently not accepting additional 3rd party agencies at this time.