We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
Vaco jobs

GRC Analyst (469643)

Vaco
$115,000.00 - $130,000.00 / yr
401(k), retirement plan
United States, Texas, Dallas
Feb 19, 2026
GRC Analyst | 469643
DETAILS
Location: Allen, TX 75013 (hybrid onsite 2-3 days per week)
Position Type: Direct-Hire
Hourly / Salary: to $125K+ (potentially more based on candidate experience-level)

JOB SUMMARY
Vaco is currently seeking a GRC Analyst for a Direct-Hire opportunity located in Allen, TX 75013 (hybrid onsite 2-3 days per week). The GRC Analyst will ensure information systems and processes align with established cybersecurity, privacy, and regulatory standards. The GRC Analyst will conduct in-depth security consultations and risk assessments to evaluate the effectiveness of security controls, identify vulnerabilities, and recommend mitigation strategies. The ideal GRC Analyst will come with 5+ years of hands-on experience in infosec with heavy risk / compliance emphasis, proven ownership of SOC2 (especially from mid-sized environments), ability to compile evidence, and manage auditors, plus strong analytical / communication skills.
  • Develop / Maintain Security Policies / Strategies / Governance Documentation - Ensuring Organizational Compliance with Laws / Regulations / Standards
  • Analyze Data from Multiple Sources - Providing Actionable Insights ion Cybersecurity / Privacy (Risks / Trends / Opportunities) for Improvement
  • Evaluate Technology Programs / Components for Compliance with Published Security / Privacy Standards - Recommending / Overseeing Corrective Actions
  • Continuous Monitoring / Testing the Effectiveness of Security Controls
  • Anticipate / Respond to Changes in Cybersecurity Policy / Regulations / Technology / Staging Requirements to Maintain Organizational Readiness
  • Lead / Coordinate Security Programs - Ensuring Overall Success / Alignment with Organizational Priorities / Effective Communication with Stakeholders
  • Conduct Gap Analysis / Implement Frameworks / Standards - NIST / SOC2
  • Conduct Vendor Risk Assessments / Against Organizational Security Requirements
  • Manage Risk Validation Testing / Compliance Reviews / Audits in Accordance with NIST Standards
  • Manage / Support SOC2 / Global Audits
  • Maintain / Monitor Central Repository for Audit Evidence
  • Conduct Research to Aid Threat Assessment / Risk Mitigation Activities

About the Project: This GRC Analyst will be the first dedicated GRC expert at a growing financial institution, that will launch and lead SOC2 compliance, enabling secure digital innovation for members, freeing up IT ops to focus on core work, and growing a foundational compliance program with direct executive visibility (reporting directly to the CIO).

The GRC Analyst will establish and own the GRC function, primarily to achieve SOC2 compliance for a major new digital product rollout that was launched in late 2025. The SOC2 Compliance Process has not started yet. This GRC Analyst will quickly kick off the SOC2 journey (starting with Type 1 Design Attestation, then Type 2 Operating Effectiveness over 6-12M), owning the initiative end-to-end (vetting audit firms, conducting gap analysis against SOC2 + NIST, remediating controls, compiling / maintaining audit evidence repository, managing third-party audits, and ongoing control testing / monitoring), while building a sustainable GRC program.

Currently, business compliance handles some aspects (but lacks deep IT focus), IT operations covers overflow tasks (policy reviews / phishing simulations / audit prep), and the CIO personally reviews and approves everything. A secondary immediate need will be for the GRC Analyst to assist in offloading those burdens from operations.

JOB REQUIREMENTS
  • GRC Analyst (5+ years) - Information Security / Risk/Compliance Emphasis (direct experience) | Cybersecurity Frameworks / Standards (in depth knowledge)
  • Identity Management / Identity Management Standards (knowledge) - IAM Controls (MFA / SSO / RBAC / PAM, etc.) / Reviewing Access Control Metrics / Conducting Access Reviews / Validating Processes | Identity Governance Standards Aligned to SOC2 / NIST (familiarity)
  • Risk / Compliance Program Execution - Demonstrated Ownership of End-to-End Compliance Initiatives (Gap Assessment / Remediation / Validation / Audit Support) | Developing Project Plans / Milestones / Control Testing Calendars | Coordinating Cross-Functional Stakeholders to Implement Corrective Actions
  • Audit Management - Primary PoC Managing Third-Party Audits / Compile Evidence / Organize Audit Responses | Building / Maintaining Centralized Audit Evidence Repositories (Policies / Screenshots / Config Exports / Logs / Change Records)
  • GRC Methodology / Tool Techniques / Best Practices (knowledge) - Track Risk / Controls / Findings / Remediation Plans | Develop Risk Registers / Control Matrices / Testing Schedules | Evidence Collection Automation (familiarity) / Control Mapping Between SOC 2 / NIST Frameworks
  • Regulatory / Compliance Requirements (familiarity) - Financial Services Regulatory Considerations (GLBA / Privacy Requirements, etc.) | Aligning Internal Controls to External Regulatory Obligations | Translating Regulatory Language into Technical Control Requirements
  • Security Foundation | Network / System Architecture (understanding) - Common Security Configurations / Vulnerabilities (knowledge) | Network Segmentation / Firewalls / Endpoint Security / Logging / Encryption Standards (working knowledge) | Evaluating Secure Configs Across Cloud / OnPrem | Vulnerability Management Lifecycles / Remediation (understanding)
  • Risk Analysis | Analytical / Problem-Solving Skills (advanced) - Identifying Security Risks / Evaluating Mitigation Strategies | Conducting Formal Risk Assessments (Qualitative / Quantitative) | Identifying Control Failure Root Causes / Recommending Mitigation Strategies
  • Security / GRC Tooling - Risk Assessment/Compliance Tools / Vulnerability Scanners / SIEM Reporting / Control Monitoring Dashboards | Interpreting Scan Results / Integrating Findings into Risk Registers | Evidence Retention Documentation Standards for Audit Readiness (familiarity)
  • Policy Interpretation - Effectively Interpreting / Applying Security Policies / Procedures / Technical Standards | Drafting / Updating / Version-Controlling IT Security Policies | Mapping Policies to SOC 2 Trust Services Criteria / NIST Controls | Conducting Policy Reviews, etc.
  • Compliance Assessment - Assess Technical Environments for Compliance with Security / Privacy Requirements | Performing Control Walkthroughs / Configuration Reviews / Access Validations | Conducting Gap Analyses Against SOC 2 and NIST Frameworks | Validating Ongoing Control Operation for SOC2 Type 2 Reporting Period
  • Excellent Verbal / Written Communication Skills - Clearly Conveying Complex Information to Technical / Non-Technical Stakeholders

Determining compensation for this role (and others) at Vaco/Highspring depends upon a wide array of factors including but not limited to the individual's skill sets, experience and training, licensure and certifications, office location and other geographic considerations, as well as other business and organizational needs. With that said, as required by local law in geographies that require salary range disclosure, Vaco/Highspring notes the salary range for the role is noted in this job posting. The individual may also be eligible for discretionary bonuses, and can participate in medical, dental, and vision benefits as well as the company's 401(k) retirement plan. Additional disclaimer: Unless otherwise noted in the job description, the position Vaco/Highspring is filing for is occupied. Please note, however, that Vaco/Highspring is regularly asked to provide talent to other organizations. By submitting to this position, you are agreeing to be included in our talent pool for future hiring for similarly qualified positions. Submissions to this position are subject to the use of AI to perform preliminary candidate screenings, focused on ensuring minimum job requirements noted in the position are satisfied. Further assessment of candidates beyond this initial phase within Vaco/Highspring will be otherwise assessed by recruiters and hiring managers. Vaco/Highspring does not have knowledge of the tools used by its clients in making final hiring decisions and cannot opine on their use of AI products.

Vaco by Highspring values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply.

EEO Notice

Vaco by Highspring is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law.

Vaco by Highspring and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco by Highspring and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com .

Vaco by Highspring also wants all applicants to know their rights that workplace discrimination is illegal.

By submitting to this position, you agree that you will be giving Vaco by Highspring the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco by Highspring about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco by Highspring agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal.

Privacy Notice

Vaco by Highspring and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco by Highspring") respects your privacy and are committed to providing transparent notice of our policies.

  • California residents may access Vaco by Highspring HR Notice at Collection for California Applicants and Employees here.
  • Virginia residents may access our state specific policies here.
  • Residents of all other states may access our policies here.
  • Canadian residents may access our policies in English here and in French here.
  • Residents of countries governed by GDPR may access our policies here.
Pay Transparency Notice

Determining compensation for this role (and others) at Vaco by Highspring depends upon a wide array of factors including but not limited to:

  • the individual's skill sets, experience and training;
  • licensure and certification requirements;
  • office location and other geographic considerations;
  • other business and organizational needs.

With that said, as required by local law, Vaco by Highspring believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses.

Applied = 0
MORE JOBS LIKE THIS

(web-54bd5f4dd9-cz9jf)