Governance, Risk and Compliance Analyst

About the Opportunity

This job description is intended to describe the general nature and level of work being performed by people assigned to this classification. It is not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of personnel so classified.

JOB SUMMARY

The Governance, Risk, and Compliance (GRC) Analyst supports compliance and governance initiatives for both government and higher education environments. The GRC Analyst implements and maintain National Institute of Standards and Technology (NIST) -compliant frameworks, supporting the government’s Cybersecurity Maturity Model Certification (CMMC) requirements, and ensuring adherence to security controls across diverse environments. The GRC Analyst will collaborate with teams to assess risk, manage compliance documentation, and ensure that security frameworks and controls are implemented effectively and efficiently.

This position requires occasional availability outside of traditional working hours to address urgent business needs as they arise, including responding to security incidents, supporting software deployments, resolving software issues or system breaks, and addressing other critical operational requirements. The GRC Analyst mitigates disruption to business operations by promptly addressing any issues, regardless of time or day.

MINIMUM QUALIFICATIONS

· Proficiency with Cybersecurity Maturity Model Certification and NIST frameworks and controls.

·  Knowledge of compliance standards in government and higher education environments.

·  Effective written and verbal communication skills to convey information and explain complex compliance requirements to various stakeholders at different organizational levels

·  Adaptable, high initiative and strong sense of urgency

·  Ability to analyze complex data, identify patterns, and translate findings into actionable insights as well as to evaluate risks and develop appropriate responses.

·  Knowledge and skills required for this position are generally acquired through a bachelor's degree and at least 2-4 years of experience.

KEY RESPONSIBILITIES & ACCOUNTABILITIES

1) Support CMMC compliance efforts within a government environment. 25%

2) Assist in implementing NIST-based security frameworks and controls in a higher education setting. 25%

3) Conduct risk assessments and audits to ensure compliance with security standards. 25%

4) Develop and maintain compliance documentation and reporting. 25%

Position Type

Legal and Regulatory Administration

Additional Information

Northeastern University considers factors such as candidate work experience, education and skills when extending an offer.  

Northeastern has a comprehensive benefits package for benefit eligible employees. This includes medical, vision, dental, paid time off, tuition assistance, wellness & life, retirement- as well as commuting & transportation. Visit https://hr.northeastern.edu/benefits/ for more information.  

All qualified applicants are encouraged to apply and will receive consideration for employment without regard to race, religion, color, national origin, age, sex, sexual orientation, disability status, or any other characteristic protected by applicable law.

Compensation Grade/Pay Type:

110S

Expected Hiring Range:

$75,210.00 - $106,230.00

With the pay range(s) shown above, the starting salary will depend on several factors, which may include your education, experience, location, knowledge and expertise, and skills as well as a pay comparison to similarly-situated employees already in the role. Salary ranges are reviewed regularly and are subject to change.