Logo for Bitsight

Associate GRC Analyst

Bitsight

Roles & Responsibilities

  • Bachelor's degree in Information Technology or related field (preferred)
  • 1-2 years of experience in GRC, IT security, risk management, or compliance (internships or entry-level experience preferred)
  • Relevant certifications (e.g., CompTIA Security+, GRCP, CCSK) are a plus
  • Familiarity with common security frameworks and vendor risk management processes

Requirements:

  • Serve as a contact for IT compliance-related matters, including responding to compliance and security inquiries and performing vendor risk assessments during onboarding and offboarding
  • Collaborate with Legal, Engineering, IT, and other teams to address compliance needs and ensure cross-department alignment
  • Assist in developing and maintaining a scalable compliance program and documenting corporate policies, procedures, and standards
  • Prepare reports and dashboards for stakeholders on GRC initiatives and support audits and continuous monitoring efforts

Job description

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss.
Built on over a decade of technological innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

  • We invented the cyber ratings industry in 2011
  • Over 3000 customers trust Bitsight
  • Over 750 teammates are dispersed throughout Boston, Raleigh, New York, Lisbon, Singapore, and remote

The Associate GRC Analyst supports Bitsight’s information security and risk management programs to protect its information assets by applying company policies and standards. This role requires managing multiple high-priority initiatives independently while participating in ongoing training to enhance information security and risk management knowledge and skills.


 

DUTIES & RESPONSIBILITIES

  • Serve as a contact for IT compliance-related matters, including responding to compliance and security-related inquiries from external parties and performing vendor risk assessments during onboarding and offboarding processes.

  • Collaborate with cross-functional teams, including Legal, Engineering, IT, and others, to address compliance needs and ensure alignment across departments.

  • Engage in project-based work to support GRC initiatives, providing hands-on experience in developing and implementing compliance frameworks.

  • Assist in developing and maintaining a scalable compliance program to support the company’s growth and ensure adherence to applicable regulatory requirements and industry best practices.

  • Assist in documenting and maintaining corporate policies, procedures, and standards. Support efforts to ensure alignment with governance frameworks (e.g., SOC 2, ISO 27001, NIST).

  • Assist in documenting internal processes and procedures 

  • Prepare reports and dashboards for stakeholders on GRC initiatives.

  • Contribute to developing and implementing a continuous monitoring program for IT compliance, focusing on automating manual processes.

  • Monitor regulatory and industry trends, ensuring necessary compliance policy and procedure updates are tested and implemented promptly.

  • Assist in the configuration and administration of compliance automation tools.

  • Assist in audits and assessments by gathering evidence and documentation.

  • Contribute to the development of security awareness and training programs for employees.


 

SKILLS, EDUCATION, & WORK EXPERIENCE

Education: 

  • Bachelor’s degree in Information Technology or a related field preferred. 

  • Relevant certifications (CompTIA Security+, GRCP, CCSK, etc.) are a plus

Experience:

  • 1-2 years of experience in GRC, IT security, risk management, or compliance roles (internships or entry-level experience preferred).

  • Experience communicating with internal and external parties via support ticketing systems (e.g., Zendesk, Jira Service Management, Freshdesk).

Knowledge: 

  • Familiarity with common security frameworks, standards, and regulations (e.g., SOC 2, GDPR, CCPA, PCI DSS, ISO 27001).

  • Familiarity with vendor risk management processes.

Skills:

  • A growth mindset, committed to ongoing learning and professional development in the GRC domain.

  • Ability to develop security standards and guidelines based on industry best practices.

  • Strong interpersonal, communication, and presentation skills, including experience with formal report writing.

  • Creative problem-solving and the ability to devise adaptive solutions for complex inquiries.

  • Ability to thrive in a fast-paced work environment while meeting deadlines.

  • Positive attitude, team-oriented, and a good sense of humor.

  • Strong collaboration skills and ability to work in a diverse, inclusive environment.

Belonging & Inclusion. Bitsight is proud to be an equal opportunity employer. This means we do not tolerate discrimination of any kind and are committed to providing equal employment opportunities regardless of your gender identity, race, nationality, religion, sexual orientation, status as a protected veteran, or status as an individual with a disability.

Culture. We put our people first. Bitsight offers best in class benefits. We devote the same energy to nurturing our company's inclusive culture as we apply to serving our customers' needs. Working at Bitsight will give you the opportunity to fulfill your professional goals and expand your skills.

Open-minded. If you got to this point, we hope you’re feeling excited about the job description you just read.  Even if you don’t feel that you meet every single requirement, we still encourage you to apply.  We’re eager to meet people that believe in Bitsight’s mission and can contribute to our team in a variety of ways.

Bitsight also provides reasonable accommodations to qualified individuals with disabilities or based on a sincerely held religious belief in accordance with applicable laws. If you need to inquire about a reasonable accommodation, or need assistance with completing the application process, please email recruiting@bitsight.com. This contact information is for accommodation requests only, and cannot be used to inquire about the status of applications.

Additional Information for United States of America Applicants:

Bitsight is committed to compliance with all fair employment practices regarding citizenship and immigration status.

Bitsight will not discharge, discipline or in any other manner discriminate against any employee or applicant for employment because such employee or applicant has inquired about, discussed, or disclosed the compensation of the employee or applicant or another employee or applicant.

Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.

Qualified applicants with criminal histories will be considered for employment consistent with applicable law.

This position may be considered a promotional opportunity pursuant to the Colorado Equal Pay for Equal Work Act.
Ready to apply?
APPLY
·

Related jobs

Portugal

Other jobs at Bitsight

We help you get seen. Not ignored.

We help you get seen faster — by the right people.

🚀

Auto-Apply

We apply for you — automatically and instantly.

Save time, skip forms, and stay on top of every opportunity. Because you can't get seen if you're not in the race.

AI Match Feedback

Know your real match before you apply.

Get a detailed AI assessment of your profile against each job posting. Because getting seen starts with passing the filters.

Upgrade to Premium. Apply smarter and get noticed.

Upgrade to Premium

Join thousands of professionals who got noticed and hired faster.