Senior GRC Analyst
Atlanta, GA
The Weather Company
About The Weather Company:
The Weather Company is the world’s leading weather provider, helping people and businesses make more informed decisions and take action in the face of weather. Together with advanced technology and AI, The Weather Company’s high-volume weather data, insights, advertising, and media solutions across the open web help people, businesses, and brands around the world prepare for and harness the power of weather in a scalable, privacy-forward way. The world’s most accurate forecaster globally, the company reaches hundreds of enterprise clients and more than 360 million monthly active users via its digital properties from The Weather Channel (weather.com) and Weather Underground (wunderground.com).
Job brief:
As a Senior Governance, Risk, and Compliance (GRC) Analyst, you will play a pivotal role in shaping and maintaining our cybersecurity and risk management strategies. You will lead initiatives that ensure compliance with key regulatory frameworks, drive enterprise-wide risk reduction efforts, and champion a culture of proactive security and compliance across the organization.
This role requires deep expertise in risk assessment and regulatory compliance, as well as a forward-thinking approach to evolving cybersecurity trends. You will work cross-functionally with IT, security, and business teams to implement controls, support audits, identify vulnerabilities, and strengthen operational resilience.
If you are passionate about building secure, scalable, and compliant technology environments and thrive on partnering with others to solve complex challenges, we would love to hear from you.
The impact you'll make:
- Have a deep understanding of risk assessment, regulatory frameworks, and emerging trends in the cybersecurity and risk landscape
- Define internal requirements to meet regulatory compliance frameworks and implement enterprise-wide strategy and key initiatives/projects focused on the reduction of technology risk
- Provide leadership and collaborate with IT and business teams on critical, enterprise-wide projects related to maintaining security and compliance controls, including identifying points of operational vulnerability and dependencies across technology services, systems, platforms, domains, teams, and activities to achieve certification and ensure both program and audit compliance.
- Identify stability and performance trends that indicate the need for strategic and/or process changes to technology service and risk governance
- Utilize a thorough understanding of change management guidelines to implement initiatives and updates successfully
- Assist in creating a culture of risk and compliance awareness through the development of training and education on risk policies, practices, and industry guidelines
- Facilitate, govern, and measure organizational adoption and adherence to service transition/change-related controls and reporting
- Assist in the execution of departmental plans, including business, production, and/or organizational priorities, and contribute to the Governance, Risk and Compliance functional strategy
- Work with IT and business teams to perform security and compliance assessments on new and existing systems, processes, and technology
- Support internal and external audit processes for relevant compliance concerns
- Participate in disaster recovery and business continuity planning and exercises, as appropriate
- Perform periodic gap assessments to validate compliance on an ongoing basis
- Other duties as assigned.
What you've accomplished:
- Bachelor’s degree in Computer Science, Information Technology, or equivalent experience
- 5+ years of experience in IT governance, risk management, audit, compliance, technology process design & control, or other related technology competencies
- Experience successfully leading large multi-stakeholder projects, including the use of Project Management tracking tools like Jira, Smartsheet, ServiceNow, or similar programs
- Demonstrated ability to bring multiple stakeholders to agreement on a course of action
- Experience auditing, managing, or implementing risk frameworks such as CMMC, NIST frameworks (i.e., NIST 800-171, 800-53, CSF), and/or SOC 2 Type I and II, or similar.
- Experience working on or with government agencies, defense teams, and organizations
- Excellent understanding of the interdependencies of multiple infrastructure technical
Nice to have:
- Technical experience managing compliance activities in cloud environments, specifically AWS
- Flexible Time Off program
- Hybrid work model
- A variety of medical insurance options, including a $0 cost premium employee coverage
- Benefits effective day 1 of employment include a competitive 401K match with no vesting requirement, national health, dental, and vision plans
- Progressive family plan benefits
- An opportunity to work for a global and industry-leading technology company
- Impactful work in a collaborative environment