Governance, Risk, and Compliance Analyst

Who are we

Fulcrum Digital is an agile and next-generation digital accelerating company providing digital transformation and technology services right from ideation to implementation. These services have applicability across a variety of industries, including banking & financial services, insurance, retail, higher education, food, healthcare, and manufacturing.

Job Summary

We are seeking a detail-oriented and analytical GRC Analyst to support the organization’s governance, risk management, and compliance initiatives. The ideal candidate will help identify risks, ensure regulatory compliance, support audit processes, and strengthen internal controls to protect the organization’s assets and reputation.

Key Responsibilities

Governance

• Support development and maintenance of security policies, standards, and procedures

• Ensure alignment with industry frameworks (e.g., ISO 27001, NIST, SOC 2)

• Assist in policy awareness and training initiatives

Risk Management

• Conduct risk assessments and maintain risk registers

• Identify, analyze, and document security and operational risks

• Track remediation plans and risk mitigation efforts

• Support third-party/vendor risk assessments

Compliance

• Monitor compliance with regulatory and industry requirements (e.g., GDPR, HIPAA, PCI-DSS as applicable)

• Assist with internal and external audits

• Collect and maintain evidence for compliance reporting

• Coordinate remediation of audit findings

Reporting & Documentation

• Prepare risk and compliance reports for management

• Maintain documentation of controls and audit artifacts

• Track KPIs and KRIs

Required Qualifications

• Bachelor’s degree in Information Security, Cybersecurity, IT, Risk Management, or related field

• 2–5 years of experience in GRC, risk management, compliance, or IT audit

• Knowledge of security frameworks (ISO 27001, NIST, SOC 2, etc.)

• Understanding of regulatory requirements (GDPR, HIPAA, PCI-DSS, etc.)

• Strong analytical and documentation skills

Preferred Qualifications

• Mandatory - Certifications such as CISA, CRISC, CISM, ISO 27001 Lead Implementer/Auditor

• Experience with GRC tools (e.g., Archer, ServiceNow GRC)

• Experience working with cloud environments (Azure, AWS, GCP)

• Knowledge of cybersecurity controls and risk methodologies

Key Skills

• Risk assessment and analysis

• Policy and control documentation

• Audit coordination

• Strong communication and stakeholder management

• Attention to detail

• Ability to work independently and manage multiple priorities

Work Environment

• Full-time position

• Hybrid/Remote (as applicable)

• Cross-functional collaboration with IT, Security, Legal, and Business teams