Principal GRC Analyst – Cybersecurity Risk Expert

last updated October 15, 2025 12:25 UTC

Business Wire

HQ: Hybrid

  • OFF: United States
  • Full-Time
  • Management and Finance

Business Wire, a Berkshire Hathaway company, is the global leader in press release distribution and regulatory disclosure. We’re committed to transforming how organizations engage with their audiences—and this is just the beginning.

Organizations of all sizes rely on us to deliver impactful news and multimedia content, driving social engagement and fostering meaningful connections with their target audiences.

About the Role

The Principal Governance, Risk, and Compliance (GRC) Analyst is responsible for identifying, evaluating, and reducing cybersecurity risks, with a focus on automating and enhancing cybersecurity controls. This role involves assessing the effectiveness of security measures, ensuring compliance with industry standards, and improving risk management processes. The ideal candidate will have strong expertise in cybersecurity risk management, regulatory compliance, and hands-on experience with Integrated Risk Management (IRM) and Third-Party Risk Management (TPRM) tools.

The Analyst will collaborate with business, IT, and security teams to address identified risks and automate controls to improve compliance with regulations, standards, and internal policies.

Key Responsibilities

– Automate and oversee cybersecurity controls to ensure effective risk mitigation.
– Evaluate, deploy, and manage IRM and TPRM tools.
– Maintain the risk register and oversee risk mitigation efforts, including exceptions.
– Conduct internal and third-party cybersecurity risk assessments.
– Maintain a comprehensive inventory of cybersecurity controls aligned with industry standards (e.g., NIST, ISO 27001, CIS, SOC 2) and regulations (e.g., GDPR, CCPA, PCI-DSS, SOX).
– Create and use assessment tools to identify control gaps and recommend automated solutions.
– Work with IT, InfoSec, Compliance, and Legal teams to assess and address risks.
– Produce risk and control reports and dashboards for leadership, highlighting key risks and mitigation progress.
– Help document and update cybersecurity risk management policies and procedures.

Qualifications

– Bachelor’s degree in Information Security, IT, Computer Science, Engineering, or a related field.
– 8+ years of experience using GRC platforms to automate controls, assess risks, and ensure compliance.
– Strong knowledge of cybersecurity controls and risk mitigation for data protection and privacy.
– Ability to evaluate complex cybersecurity risks and recommend effective solutions.
– Preferred certifications: CISSP, CISA, CISM, CGEIT, or CRISC (CISSP preferred).

Technical Expertise

– Proficiency in identity and access management tools (e.g., Microsoft Entra, Active Directory, PAM).
– Experience with vulnerability management tools like Rapid7.
– Familiarity with IT asset management, CMDBs, and network discovery tools.
– Knowledge of control frameworks (e.g., NIST CSF/RMF, PCI-DSS, SOX, SOC 2, GDPR, CCPA).
– Understanding of operating systems, databases, and middleware.
– Experience conducting compliance and risk assessments.
– Project management experience in IT and security.
– Proficiency in Microsoft Office 365 (Word, Excel, SharePoint, OneDrive, Teams, PowerPoint).

Work Environment

– Self-driven and goal-oriented with strong prioritization skills.
– Excellent organizational and project leadership abilities.
– Strong written and verbal communication skills.
– Collaborative and able to build strong relationships across departments.
– Adaptable and able to apply knowledge to new technologies and scenarios.

Note: Business Wire does not sponsor employment authorization for this position.

Compensation & Benefits

– Base salary range: $175,000–$182,000 annually, based on experience, skills, education, internal equity, and market data. Business Wire may adjust this range at its discretion.
– Remote work option
– Comprehensive health benefits starting on day one
– $100 monthly fitness stipend, tuition reimbursement, and mental health support
– 401(k) with company match and annual profit-sharing (based on company performance)
– Paid time off, floating holidays, wellness day, birthday off, and more

A background check is required after accepting an offer. Business Wire is proud to be an equal opportunity employer. We welcome applicants regardless of race, color, religion, gender, national origin, sexual orientation, age, disability, gender identity, veteran status, or other protected characteristics. In accordance with the San Francisco Fair Chance Ordinance and similar laws, we also consider qualified applicants with arrest or conviction records.
