Join a team with one shared mission - to make a difference, every person, every day.
We are more than 100,000 team members strong, from all backgrounds and corners of the world, with the talent, experience and compassion that enables us to make an impact. For thousands of clients across the U.S. and in more than 20 global locations, ABM takes care of the people, spaces and places that matter most. We also take care of our team members —ensuring our company is a great place to work, and our communities are safer, healthier, and more sustainable places to be. Every team member at ABM has the opportunity to make a difference. Every day. And we cultivate a culture where our team members feel seen, heard, and valued and can grow a career and a future with us.
ABM is currently seeking a highly motivated and detail-oriented Sr. GRC Analyst to support the organization’s Governance, Risk & Compliance program and ensure alignment with regulatory requirements and industry standards such as ISO 27001, CMMC, NIST, and NYDFS. The Sr. GRC Analyst will support enterprise risk assessments, evaluate control effectiveness, identify risk exposures and control gaps, track remediation efforts, and support cross-functional teams to maintain audit readiness and compliance across the IT and Information Security environment.
Responsibilities• Maintain governance documentation, perform risk assessments, and support framework alignment across ISO 27001/27002/27005, NIST, CMMC, NYDFS, NIS2, and other applicable standards.
• Lead coordination of regulatory and certification assessments (e.g., NYDFS, ISO 27001, CMMC), including risk assessments, Statement of Applicability (SoA) updates, scope management, evidence collection, validation of control documentation, and preparation of attestation support materials.
• Serve as a point of coordination for certification, regulatory, and audit-related activities across IT and Information Security stakeholders.
• Support continuous improvement of Governance, Risk & Compliance processes and documentation standards.
• Maintain accurate records of compliance activities, findings, and remediation status.
• Support cross-functional teams in maintaining audit readiness and regulatory compliance.
• Develop and report risk and compliance metrics to leadership and support remediation tracking activities.
• Perform other duties as assigned, including support of third-party risk management assessments and ongoing vendor monitoring activities, maintenance of risk registers, remediation tracking, and response to client or external cybersecurity requests.
Education:
• Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent relevant experience.
Experience:
• 5+ years of experience in Governance, Risk & Compliance (GRC), IT Risk Management, Information Security, or IT Compliance within a regulated or enterprise environment.
• Experience supporting or coordinating regulatory and certification assessments (e.g., ISO 27001, CMMC, NYDFS, NIST).
• Experience maintaining risk registers, remediation tracking processes, and governance documentation.
• Experience coordinating audit evidence collection and supporting internal or external audit activities.
• Strong understanding of industry standards and frameworks, including ISO 27001/27002/27005, NIST, CMMC, and applicable regulatory requirements.
• Experience developing compliance metrics and reporting for leadership.
• Proficiency with GRC platforms and documentation management tools.
• Strong analytical, organizational, and documentation skills with attention to detail.
• Effective communication and interpersonal skills, with the ability to collaborate across technical and non-technical stakeholders.
• Proficiency with remote collaboration tools (e.g., MS Teams) and Microsoft 365 applications, including PowerPoint and Excel, for documentation, control tracking, and metrics reporting.
• Experience performing or supporting SOC 2 reviews is a plus.
• Experience supporting ISO certification lifecycle activities (surveillance, recertification, scope expansion).
• Experience responding to client or external cybersecurity questionnaires and compliance inquiries.
Certifications:
• One or more of the following: CISA, CISM, CISSP, or CRISC.
Skills Required
- Bachelor's degree in Information Security, Computer Science, or related field, or equivalent experience
- 5+ years experience in Governance, Risk & Compliance, IT Risk Management, Information Security, or IT Compliance in a regulated or enterprise environment
- Experience supporting or coordinating regulatory and certification assessments (ISO 27001, CMMC, NYDFS, NIST)
- Experience maintaining risk registers, remediation tracking processes, and governance documentation
- Experience coordinating audit evidence collection and supporting internal or external audit activities
- Strong understanding of ISO 27001/27002/27005, NIST, CMMC, NYDFS, and NIS2 frameworks
- Proficiency with GRC platforms and documentation management tools
- Experience developing compliance metrics and reporting for leadership
- Proficiency with remote collaboration tools (MS Teams) and Microsoft 365 applications (PowerPoint, Excel)
- Experience supporting ISO certification lifecycle activities (surveillance, recertification, scope expansion)
- Experience responding to client or external cybersecurity questionnaires and compliance inquiries
- Certifications: one or more of CISA, CISM, CISSP, or CRISC
- Experience performing or supporting SOC 2 reviews
ABM Industries Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about ABM Industries and has not been reviewed or approved by ABM Industries.
-
Healthcare Strength — Health coverage includes medical, dental, and vision, with some options described as strong (including no‑deductible choices) and added features to support condition management alongside expanded wellness benefits. Programs such as an Employee Assistance Program and FSA/HSA options further support physical and mental wellbeing.
-
Retirement Support — A 401(k) savings plan with company match and immediate vesting supports long‑term savings. Complementary protections like life, AD&D, and disability insurance bolster financial security.
-
Wellbeing & Lifestyle Benefits — Perks such as paid holidays, vacation and sick/bereavement time, commuter benefits, and discount programs are part of the offering. An emergency relief fund for financial hardship provides additional practical support for eligible employees.
ABM Industries Insights
What We Do
Commercial Cleaning Service That Shines There’s more to janitorial services than a mop hitting the floor. Environmental concerns and new technologies have taken commercial cleaning service to a new level. ABM Janitorial Services combines today’s technology with more than 100 years of innovative experience. That means we can offer you a full range of solutions based on your individual needs – at one site or for multiple locations nationwide. Our uniformed, trained workers use our private label cleaning products and the best equipment for doing the job right. Quality work is reinforced through inspections, detailed record keeping, and exception reporting. Choose ABM for your janitorial services today.

.jpg)







