Associate GRC Analyst

Posted 11 Days Ago
Hiring Remotely in Portugal
Remote
Junior
Big Data • Information Technology • Security • Software • Analytics • Cybersecurity
The Role
The Associate GRC Analyst at Bitsight supports information security and risk management by ensuring compliance with company policies, conducting vendor assessments, and collaborating with teams to implement GRC initiatives.
Summary Generated by Built In

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

  • We invented the cyber ratings industry in 2011
  • Over 3000 customers trust Bitsight
  • Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, and remote

The Associate GRC Analyst supports Bitsight’s information security and risk management programs to protect its information assets by applying company policies and standards. This role requires managing multiple high-priority initiatives independently while participating in ongoing training to enhance information security and risk management knowledge and skills.


DUTIES & RESPONSIBILITIES

  • Serve as a contact for IT compliance-related matters, including responding to compliance and security-related inquiries from external parties and performing vendor risk assessments during onboarding and offboarding processes.

  • Collaborate with cross-functional teams, including Legal, Engineering, IT, and others, to address compliance needs and ensure alignment across departments.

  • Engage in project-based work to support GRC initiatives, providing hands-on experience in developing and implementing compliance frameworks.

  • Assist in developing and maintaining a scalable compliance program to support the company’s growth and ensure adherence to applicable regulatory requirements and industry best practices.

  • Assist in documenting and maintaining corporate policies, procedures, and standards. Support efforts to ensure alignment with governance frameworks (e.g., SOC 2, ISO 27001, NIST).

  • Assist in documenting internal processes and procedures.

  • Prepare reports and dashboards for stakeholders on GRC initiatives.

  • Contribute to developing and implementing a continuous monitoring program for IT compliance, focusing on automating manual processes.

  • Monitor regulatory and industry trends, ensuring necessary compliance policy and procedure updates are tested and implemented promptly.

  • Assist in the configuration and administration of compliance automation tools.

  • Assist in audits and assessments by gathering evidence and documentation.

  • Contribute to the development of security awareness and training programs for employees.


SKILLS, EDUCATION, & WORK EXPERIENCE

Education: 

  • Bachelor’s degree in Information Technology or a related field preferred. 

  • Relevant certifications (CompTIA Security+, GRCP, CCSK, etc.) are a plus.

Experience:

  • 1-2 years of experience in GRC, IT security, risk management, or compliance roles (internships or entry-level experience preferred).

  • Experience communicating with internal and external parties via support ticketing systems (e.g., Zendesk, Jira Service Management, Freshdesk).

Knowledge: 

  • Familiarity with common security frameworks, standards, and regulations (e.g., SOC 2, GDPR, CCPA, PCI DSS, ISO 27001).

  • Familiarity with vendor risk management processes.

Skills:

  • A growth mindset, committed to ongoing learning and professional development in the GRC domain.

  • Ability to develop security standards and guidelines based on industry best practices.

  • Strong interpersonal, communication, and presentation skills, including experience with formal report writing.

  • Creative problem-solving and the ability to devise adaptive solutions for complex inquiries.

  • Ability to thrive in a fast-paced work environment while meeting deadlines.

  • Positive attitude, team-oriented, and a good sense of humor.

  • Strong collaboration skills and ability to work in a diverse, inclusive environment.

Belonging & Inclusion. Bitsight is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.

Culture. We put our people first. Bitsight offers best in class benefits. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at Bitsight will give you the opportunity to fulfill your professional goals and expand your skills.

Open-minded. If you got to this point, we hope you’re feeling excited about the job description you just read.  Even if you don’t feel that you meet every single requirement, we still encourage you to apply.  We’re eager to meet people that believe in Bitsight’s mission and can contribute to our team in a variety of ways.

Bitsight also provides reasonable accommodations to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email [email protected]. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

Additional Information for United States of America Applicants:

Bitsight is committed to compliance with all fair employment practices regarding citizenship and immigration status.

Bitsight will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.

Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Qualified applicants with criminal histories will be considered for employment consistent with applicable law.

This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.

Top Skills

CCPA
CCSK
CompTIA Security+
Freshdesk
GDPR
GRCP
ISO 27001
Jira Service Management
NIST
PCI DSS
SOC 2
Zendesk

The Company
HQ: Boston, MA
800 Employees
Year Founded: 2011

What We Do

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Founded in 2011, Bitsight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help manage third party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Organizations worldwide, including seven of the top 10 cyber insurers, 20% of Fortune 500 companies, and 3 of the top 5 investment banks use BitSight’s proven Security Ratings technology on a daily basis to make integral risk and business decisions. With over 3,000 customers and the largest ecosystem of users and information, BitSight is the most widely used Security Ratings Service.

Why Work With Us

Grow your career with the company that's building the future of cybersecurity with the brightest minds working together to solve tomorrow’s challenges.
