CBIZ, Inc. is a leading professional services advisor to middle market businesses and organizations nationwide. With unmatched industry knowledge and expertise in accounting, tax, advisory, benefits, insurance, and technology, CBIZ delivers forward-thinking insights and actionable solutions to help clients anticipate what's next and discover new ways to accelerate growth. CBIZ has more than 10,000 team members across more than 160 locations in 22 major markets coast to coast.
CBIZ strives to be our team members' employer of choice by creating an environment where team members are appreciated, recognized for their contributions, and provided with opportunities to grow, both personally and professionally, throughout their careers.
We are seeking a detail-oriented and proactive Technical GRC Analyst to join our Information Security team. This role is critical to supporting and enhancing the organization's Governance, Risk, and Compliance (GRC) functions. The analyst will conduct internal and third-party risk assessments, support audits, help maintain compliance with regulatory requirements, and drive continuous improvement of our security programs. The ideal candidate will have 2-3 years of experience in security risk management and a strong grasp of relevant frameworks and regulations.
Key Responsibilities:
* Conduct and document internal risk assessments and control reviews across systems, applications, and business processes.
* Perform third-party/vendor security assessments, analyzing security policies and practices to identify risks and ensure appropriate controls are in place.
* Support internal and external security audits (e.g., SOX, SOC 2, ISO 27001, HIPAA) by preparing documentation and coordinating with internal stakeholders.
* Operationalize and improve use of the GRC tool, identifying and driving enhancements to automation, reporting, and usability.
* Develop and maintain a vendor risk management framework, supporting documentation, and workflows.
* Coordinate with other stakeholders on audits, assessments, and remediation activities.
* Track and maintain the organization's security awareness and compliance programs.
* Support closure of service desk tickets, and stay current on industry best practices, emerging threats, and changes to regulatory and compliance obligations.
* Provide guidance and recommendations to internal stakeholders on security controls and risk mitigation in IT development projects.
* Generate Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for reporting to management and leadership.
* Monitor and remediate external-facing security ratings (Bitsight/UpGuard).
Preferred Qualifications:
* 2-3 years of experience in Information Security, GRC, Risk Management, or IT Compliance.
* Solid understanding of security frameworks and standards such as NIST CSF, SOC 2 Type 2, and risk assessment methodologies.
* Familiarity with regulations such as HIPAA, GDPR, CCPA, and best practices for third-party risk.
* Experience with GRC platforms or risk management tools.
* Strong analytical and critical thinking skills with the ability to evaluate technical and business risks.
* Excellent verbal and written communication skills, capable of presenting technical issues to non-technical audiences.
* Highly organized and detail-oriented, with proven ability to manage multiple tasks and projects.
* Demonstrated ability to work both independently and in collaboration with cross-functional teams.
Minimum Qualifications:
* College degree or equivalent required
* 6 years of related experience
* Expert technical knowledge
* Knowledge of industry regulations
* Ability to lead and coordinate the team activities of others
* Ability to formulate, document, and recommend new policies and procedures
* Able to work in and lead a team
* Demonstrated ability to communicate verbally and in writing at all levels of an organization, both internally and externally
* Ability to travel as required by the business, and on-call availability
#LI-MM2 #LI-Hybrid