Entry Level GRC Analyst at Hotman Group

About the Role

Hotman Group is a boutique cybersecurity and GRC consulting firm doing meaningful work for clients who need GRC done right ranging from Fortune 1000 companies to high-growth startups. We are looking for a driven, detail-obsessed early-career professional who is ready to apply your professional foundation to real GRC consulting work and contribute to real client work from day one.

This is a full-time, remote, contract-to-hire position. Top performers move into permanent roles within 6 months.

What You Will Do

As an Entry Level GRC Analyst at Hotman Group you will work side by side with senior team members and partners to help our clients strengthen their cybersecurity and compliance programs. You will:

• Assess and improve client security and IT controls
• Develop policies, processes, and risk assessments aligned to top frameworks including NIST, ISO 27001, and SOC 2
• Crosswalk and harmonize controls across multiple compliance frameworks
• Document security requirements, support control implementation, and help track remediation progress
• Build risk registers, support assessments, and monitor remediation progress
• Work hands-on with GRC tools and contribute to solutions for complex client challenges
• Translate technical and regulatory requirements into clear, actionable steps for our clients
• Participate in peer review of deliverables before they go to clients — your work will be reviewed and you will review others

You will touch every aspect of cybersecurity and GRC work across multiple industries. Every engagement brings new challenges and new opportunities to grow.

What You Bring

• A Bachelor's or Graduate degree in Cybersecurity, Information Systems, or a related field
• 1 to 2 years of professional work experience -- this does not need to be in GRC or cybersecurity specifically, but it does need to be in a professional office or corporate environment. We are looking for candidates who have demonstrated reliability, communication, and accountability in a workplace setting
• Solid understanding of fundamental security and IT concepts including access controls, data retention, and change management
• Familiarity with major security and privacy frameworks including ISO, NIST, SOC 2, and HIPAA
• Strong critical thinking, organization, and communication skills
• Ability to balance multiple projects and deadlines with exceptional follow-through
• Technical aptitude -- you are curious, you learn fast, and you do not shy away from new tools
• A genuine interest in cybersecurity and a commitment to helping organizations build stronger, safer programs
• A solutions-first attitude -- you show up with curiosity and energy and you are not afraid to dive into the work
• The ability to think critically and execute with precision in a fast-paced, high-trust, low-ego environment
• A high level of ownership and accountability -- you communicate proactively and follow through without being managed closely
• A default toward communication — you keep the team informed, you acknowledge quickly, and you do not go dark on a deliverable or a client

Active pursuit of a relevant certification (Security+, CC, SSCP) is strongly preferred. If you are not currently studying for one, be prepared to explain why.

Requirements

• Located in the USA with permanent work authorization (no sponsorship of any kind now or in the future)
• Able to pass a background check
• A private, dedicated workspace with a door — client calls and confidential work require it

Our Hiring Process

Our process is designed to be straightforward but thorough. In addition to a written questionnaire and video responses, finalists will complete a practical skills assessment before advancing to a panel interview with our delivery team. The assessment is designed to reflect real GRC work. If you are serious about building a career in this field, it is your opportunity to show us what you can do.

Why Hotman Group

At Hotman Group we are not just another consulting firm. You will work alongside people who care about the craft and push each other to do better. No politics, no silos, no hierarchy between you and the people making decisions.

You will touch more GRC frameworks, more industries, and more client situations in one year here than most practitioners see in five. You will grow because the work demands it.

The clients you serve will actually notice your work. You are not a number on a headcount. Your name is on the deliverable.

If you want to do real GRC work, get better at it every day, and work with a team that holds itself to a high standard — this is the place.

No phone calls please.