Governance, Risk, and Compliance (GRC) Analyst (Phoenix)
I3 INFOTEK INC
Job Description
Governance, Risk, and Compliance (GRC) Analyst

Location: Phoenix, AZ (Hybrid - local candidates only)
Position Type: Contract (4 months, contract-to-hire)
Start Time: 8:00 AM - 5:00 PM (Day Shift)
Education: Bachelor's Degree required
Security: Background check & drug screening (HireRight) required

Position Summary

Seeking a Governance, Risk, and Compliance (GRC) Analyst / Information Security Analyst (ISA) to support enterprise security, risk management, compliance, and audit activities. The role focuses on ensuring IT systems, policies, and processes comply with federal, state, and industry security standards, while supporting audits, risk assessments, and governance reporting. You will work closely with business units, IT teams, and leadership to gather requirements, assess risks, document findings, and improve security controls across systems.

Key Responsibilities

Risk & Compliance Management
- Conduct risk assessments and security audits
- Identify non-compliance issues and recommend remediation actions
- Develop POA&M (Plan of Action and Milestones) reports
- Track findings and ensure corrective actions are completed
- Investigate suspicious or unusual system/network activity

Audit & Reporting
- Prepare audit documentation and formal findings reports
- Ensure audit outputs meet agency and regulatory standards
- Draft and edit security audit findings and reports
- Maintain compliance documentation accuracy and consistency

Security Governance
- Review and update security policies, risk plans, and audit plans
- Ensure alignment with frameworks such as:
  - NIST 800-53 Rev 5
  - IRS Pub 1075
  - CJIS
  - MARS-E
  - HITRUST / HIPAA standards
- Support Risk Management Framework (RMF) processes

Business & Technical Collaboration
- Work with business units to gather reporting and data requirements
- Develop data flows, system diagrams, and logical/physical models
- Translate business needs into technical security requirements
- Support project managers with requirements gathering and documentation

Documentation & Enablement
- Develop training materials and user adoption documentation
- Maintain key project artifacts and governance records
- Communicate risks, findings, and recommendations to stakeholders
- Support continuous improvement of security processes

Required Skills & Qualifications

Technical & Security Knowledge
- Information Security Risk Management
- Internal auditing and internal controls
- Security frameworks: NIST 800-53 R5, RMF
- Windows and/or Unix system environments
- Basic understanding of databases, networking, and IT systems
- Cybersecurity and privacy compliance knowledge

Regulatory Knowledge
- CJIS compliance
- IRS Pub 1075
- MARS-E standards
- HITRUST / HIPAA frameworks

Core Competencies
- Strong analytical and risk assessment skills
- Ability to write detailed audit and compliance reports
- Excellent written and verbal communication
- Ability to work across technical and non-technical teams
- Strong organizational and documentation skills
- Ability to manage multiple priorities in a fast-paced environment

Preferred Qualifications
- Experience in Project Management
- Certifications such as:
  - CISSP
  - CCSP
  - CAP (Certified Authorization Professional)
  - GSNA / GSTRT or related security certifications

Additional Requirements
- Must be local to Phoenix, AZ (within 1-hour commute)
- Must be available for in-person interviews
- Must be eligible for contract-to-hire conversion
- No visa sponsorship available
- Must start within 2 weeks of offer