ASSYST is seeking a qualified Information Security Risk Analyst to support our client’s Governance, Risk, and Compliance (GRC) program. This role involves identifying, assessing, and documenting risks related to information systems, technologies, vendors, and operational processes—ensuring alignment with client security policies and regulatory standards.

QUALIFICATIONS:

• Experience with GRC tools (ServiceNow, RSA Archer, etc.)
• Knowledge of frameworks: NIST 800-53, ISO 27001, HIPAA, PCI, FedRAMP
• Strong technical foundation and risk analysis skills
• Familiarity with FAIR and SOC 1/2 Type II assessments

• Conduct structured risk assessments
• Review internal controls
• Evaluate third-party security attestations
• Support vulnerability and compliance activities