Job Title: Security GRC Analyst
Overview:
Are you a dedicated security professional passionate about shaping enterprise risk management? We are seeking a dynamic Security GRC (Governance, Risk, and Compliance) Analyst to join a leading organization’s security team. In this critical role, you’ll influence how the company manages security risks, ensures regulatory compliance, and strengthens its security posture. If you thrive in a fast-paced environment and are eager to make a tangible impact in information security, this opportunity is perfect for you!
Required Skills:
- 4+ years of experience in governance, risk, compliance, or information security
- 2+ years of experience conducting third-party and supply chain risk assessments
- Strong understanding of CISSP security domains and industry best practices
- Knowledge of security regulatory requirements such as SOX and GDPR
- Familiarity with ISMS frameworks (ISO 27001, NIST, CAIQ)
- Experience with security certifications (ISO 27001, SOC 1, SOC 2, WebTrust)
- Ability to communicate complex risk concepts to diverse audiences
- Proficiency in controls development, implementation, and assessment
- Strong project management, organizational, and interpersonal skills
- Self-motivated with the ability to manage multiple stakeholders across time zones
Nice to Have Skills:
- Automation experience related to security metrics and reporting
- Experience with enterprise security risk management tools and methodologies
- Knowledge of security incident response processes
- Familiarity with security awareness training programs
Preferred Education and Experience:
- Bachelor’s degree in information security, computer science, or related field (Master’s preferred)
- Professional certifications such as CISSP, CISA, CISM, or equivalent are highly desirable
- Prior experience working with compliance standards like ISO 27001, GDPR, or NIST frameworks
Other Requirements:
- Location: San Jose, CA (Hybrid work model: 2 days per week onsite)
- Duration: 6+ months with the possibility of extension
- Start Date: ASAP
- Work Arrangement: Open to W2 and C2C candidates
- Additional: Ability to engage in automation initiatives and support remediation efforts
DeWinter Group and Maris Consulting is an equal opportunity employer, and all qualified applicants will receive consideration for employment without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state or local laws. We post pay scales which are based on our client pay ranges. DeWinter, Maris, and our clients have the right to modify the requirements of the role which can impact the pay ranges posted.





