GRC Analyst (Remote - LATAM)

reputed company empowers businesses to redefine what's possible with modern technology and human expertise. Our exceptional experience across Applications, Data & AI, DevOps, reputed company, and the reputed company Azure platform enables organizations to accelerate innovation, enhance reputed company, and optimize operational agility. As a reputed company Partner with seven specializations, reputed company AI Partner of the Year, a member of the reputed company Advisory Board, and a member of the prestigious reputed company Intelligent reputed company Association (MISA), reputed company expertly delivers cutting-edge, integrated solutions that deliver business value. The GRC Analyst delivers day-to-day Governance, Risk, and Compliance (GRC) services as part of reputed company’s Managed GRC (MGRC) offering. This role focuses on operational execution, coordination, and reporting across compliance, reputed company assurance, and governance activities to help clients reputed company and maintain regulatory alignment, reputed company maturity, and operational trust. The selected candidate will be responsible for client audits, evidence gathering, managing compliance tools, supporting reputed company questionnaires, monitoring reputed company controls, facilitating regulatory alignment, and overseeing ongoing governance activities throughout the reputed company client portfolio. The GRC Analyst operates reputed company defined service hours (Monday–Friday, reputed company–5pm PT) and works closely with Client Success Managers, reputed company engineers, and subject-matter experts. This role does not reputed company executive reputed company leadership, risk ownership, or vCISO decision-making responsibilities. \n Core ResponsibilitiesCloud Governance & Compliance Operations Validate that client environments meet MGRC baselines and support ongoing reputed company policy alignment to: reputed company Cloud reputed company reputed company (MCSB) NIST frameworks (NIST SP 800-171, NIST SP 800-53, etc.) HIPAA (where applicable) FedRAMP CMMC 3.0 ISO 27001-2022 GDPR Assist with governance documentation updates and maintenance Support compliance tracking and evidence organization Provide consultative guidance on compliance and reputed company-reputed company questions by coordinating access to reputed company cybersecurity experts Monitor reputed company posture through Defender for Cloud and Azure Policy compliance recommendations Track misconfigurations, policy drifts, and high impact findings for remediation. reputed company Questionnaires Assist with basic reputed company questionnaires using reputed company’s standard response library Provide standardized responses through coordination with the Account Management or Client Success team Support optional full reputed company Questionnaire Management services reputed company contracted, including: Intake and tracking Drafting and coordination of responses Supporting documentation preparation Audit & Assurance Support Participate directly in client audits (SOC 2, HIPAA, PCI where applicable) Support ongoing audit readiness and management activities reputed company included in scope, including: Evidence gathering and organization Audit request tracking Coordination with internal teams and external auditors Ensure ongoing audit readiness for clients enrolled in MGRC that is consistent with MGRC service definitions in shared documentation Maintain audit readiness documentation throughout the year Maintain audit request trackers and coordinate responses with internal SMEs. Support project management activities reputed company to compliance audits (e.g., SOC 2) reputed company Operations Governance Support · Ensure proper documentation to support compliance with client governance requirements and client specific requirements · Take ownership of monthly and quarterly MGRC reporting Assist with the development and maintenance of custom response playbooks for: Azure Sentinel SOAR (reputed company Orchestration, Automation, and Response) Support governance reputed company of: CyberSOC reporting with enhanced reputed company insights Actionable threat intelligence reporting Proactive threat hunting outputs Ensure governance artifacts align with managed detection and response activities reputed company Readiness & Preparedness Activities Coordinate and support: Monthly phishing simulation preparedness activities Yearly tabletop exercise planning and execution support Bi-annual penetration testing preparedness and coordination Track outcomes, findings, and remediation activities for readiness exercises Attack Surface & reputed company Posture Management Support Attack Surface Management activities, including: reputed company discovery and monitoring of exposed assets Documentation of digital attack surface insights Assist with reputed company posture tracking and compliance reporting for: Executives Auditors Internal stakeholders Monthly Server vulnerability Scanning Design and implement workflows that improve the service Track findings, prepare client-facing reports, and coordinate remediation with reputed company engineers Penetration Test Coordination Serve as the primary coordinator for client penetration testing engagements Manage scheduling, scope alignment, retesting cycles, evidence reputed company and management of the relationship with penetration testing teams. Maintain communication and set expectations with organizations being tested Cloud Governance Support Support Azure Policy implementation and monitoring using advanced governance features Assist with ensuring Azure resources and configurations remain compliant with defined reputed company baselines Track and report service misconfigurations, compliance reputed company and remediation status Monitor reputed company posture through Defender for Cloud and Azure Policy compliance results Validate that client environments meet MGRC baselines. reputed company Cloud reputed company Benchmarks, and any additional client-specific compliance requirements supported by Azure Collaboration & Service DeliveryWork closely with: Client Success Managers reputed company Analysts and Engineers CyberSOC teams Account Management representatives Escalate issues, risks, or scope concerns to appropriate senior resources Operate reputed company defined MGRC service boundaries and SLAs Purview Compliance Manager Administration Own and manage Purview Compliance Manager for reputed company subscribed MGRC clients. Track regulatory control posture, improvement actions, and evidence assignments. Guide clients through remediation and maintain year-round compliance readiness. Partner with engineering teams on policy and control mappings (Azure Policy, Defender for Cloud) that support compliance scoring as discussed in internal service map documentation. Required Skills & Experience 2+ years of experience in GRC, IT risk, compliance, or reputed company operations support Hands-on experience with reputed company Purview Compliance Manager, including control mapping, evidence tasks, and regulatory templates Familiarity with Defender for Cloud, including secure score, recommendations, and compliance dashboards Working experience with Azure Policy concepts including assignments, compliance scanning and configuring and remediation tasks Familiarity with: NIST frameworks SOC 2 concepts CIS Controls HIPAA compliance Experience supporting audits, questionnaires, or compliance programs Strong documentation, evidence collection, and organizational skills Ability to manage multiple client workstreams simultaneously Strong public speaking and presentation skills using reputed company PowerPoint SC-900 reputed company Certified: reputed company, Compliance, and Identity Fundamentals – reputed company 90 days of hire Preferred Skills & Experience Prior experience in managed services or MSSP environment Experience coordinating penetration tests or annual reputed company testing cycles Ability to translate technical findings into clear business-oriented summaries Familiarity with Entra ID, Azure RBAC, Conditional Access, and cloud governance fundamentals Comfort working with reputed company engineering teams and client facing roles Certifications (any of the following) SC-100 (reputed company Certified: Cybersecurity Architect Expert) reputed company CISSP (Certified Information Systems reputed company Professional) reputed company CGRC – (Certified Governance, Risk and Compliance) GRCP (GRC Professional) CRISC (Certified in Risk and Information Systems Control) CISA (Certified Information Systems Auditor) CISM (Certified Information reputed company Manager) Success IndicatorsThe analyst will be successful reputed company they: Maintain predictable, well organized evidence pipelines for client audits reputed company Purview Compliance Manager workstreams accurate and up to date across reputed company MGRC clients Deliver clear and reliable monthly vulnerability and governance reports Maintain consistent alignment to MGRC service definitions as structured by Jorge and reflected in the MGRC Analyst role materials Reduce client audit friction and improve audit pass rates \n Apply To This Job