GRC Analyst

Location
Remote, US
Employment type
Full-time

We're looking for someone who can help our clients navigate compliance, build risk programs, and turn security frameworks into something that actually works for their business.

As a GRC Analyst at Insight Security, you'll help clients make sense of the compliance and risk landscape. You'll assess where they stand against frameworks like SOC 2, ISO 27001, and HIPAA, identify gaps, and help them build programs that satisfy auditors without creating busywork.

This isn't about checking boxes on a spreadsheet. You'll work closely with clients to understand their business, figure out what controls actually make sense for their situation, and help them build security programs that are practical and sustainable. When audit time comes, you'll be the one helping them prepare and making sure nothing falls through the cracks.

You'll also help clients respond to security questionnaires, manage vendor risk, and build the documentation that makes everything run smoothly. It's detail-oriented work, but it matters. The companies we work with are often dealing with compliance for the first time, and they need someone who can guide them through it without making it more complicated than it needs to be.

What you'll do

  • Conduct gap assessments against SOC 2, ISO 27001, HIPAA, and other security frameworks
  • Help clients build and maintain policies, procedures, and control documentation
  • Prepare clients for audits and manage the audit process from start to finish
  • Respond to customer security questionnaires and RFPs
  • Assess third-party vendor risk and help clients build vendor management programs
  • Build and maintain risk registers and help clients prioritize remediation efforts
  • Create training materials and help clients build security awareness programs
  • Work with our consulting team to deliver client engagements on time and on budget

What we're looking for

  • 2+ years of experience in GRC, compliance, or security program management
  • Familiarity with common security frameworks (SOC 2, ISO 27001, NIST CSF, HIPAA)
  • Experience with audit preparation and working with external auditors
  • Strong writing skills and attention to detail
  • Ability to explain compliance requirements in plain language to non-security audiences
  • Comfort working with multiple clients and managing competing priorities
  • A practical approach that focuses on what actually reduces risk, not just what looks good on paper

Nice to have

  • Experience working in a consulting environment
  • Familiarity with GRC tools like Vanta, Drata, or similar platforms
  • Experience with privacy frameworks (GDPR, CCPA)
  • Background in IT or technical roles before moving to GRC
  • Relevant certifications (CISA, CRISC, etc.) are helpful but not required

What we offer

  • Competitive salary and equity
  • Fully remote work
  • Health, dental, and vision insurance
  • Unlimited PTO (and we actually use it)
  • Home office stipend
  • Professional development budget
  • 401(k) with company match
  • Flexible schedule

Interested?

Send your resume and a few sentences about why you're interested. We read every application and respond to everyone.