Job Overview
We are seeking a skilled GRC Analyst to join our Governance, Risk, and Compliance team. The GRC Analyst will be responsible for supporting the implementation, maintenance, and optimization of GRC programs using the OneTrust GRC platform, with hands-on experience in risk assessment, control management, compliance monitoring, audit support, and reporting. The role requires strong technical proficiency in OneTrust for managing policies, risks, audits, and workflows, along with familiarity with other GRC platforms to support enterprise clients in achieving regulatory compliance and risk management objectives.
Key Responsibilities
- OneTrust GRC Platform Operations: Configure, administer, and optimize OneTrust GRC platform including risk assessments, policy management, control mapping, audit workflows, and automated notifications using OneTrust Athena AI for intelligent risk identification and remediation.
- Risk Management: Conduct risk assessments, maintain risk registers, track key risk indicators (KRIs), and implement risk treatment plans with automated workflows and stakeholder task assignments in OneTrust.
- Compliance Monitoring: Map controls to frameworks (ISO 27001, SOC 2, GDPR, PCI DSS), monitor compliance status, manage evidence collection, and generate compliance reports and dashboards.
- Audit and Assessment Support: Support internal and external audits by managing audit workflows, collecting evidence, tracking findings, and facilitating remediation using OneTrust's audit management capabilities.
- Policy and Control Management: Develop, review, and maintain security policies, standards, and procedures; map controls across multiple frameworks; and distribute policies with role-based access controls.
- Third-Party Risk Management: Manage vendor assessments, questionnaires, and third-party risk monitoring using OneTrust's integrated workflows and risk scoring features.
- Platform Administration: Manage user roles, permissions, organizational hierarchies, SSO integration (SAML 2.0), SCIM provisioning, and custom workflows in OneTrust GRC.
- Reporting and Analytics: Create custom reports, dashboards, and executive summaries on risk posture, compliance status, audit findings, and KRI trends using OneTrust analytics.
- Cross-Platform Experience: Support integration and migration activities involving other GRC platforms such as RSA Archer, ServiceNow GRC, MetricStream, LogicGate, or Diligent for client engagements.
- Stakeholder Support: Respond to customer security questionnaires (SIG, CAIQ), due diligence requests, and compliance inquiries; collaborate with IT, InfoSec, Legal, and business teams.
Qualifications
Experience
2–3 years of hands-on experience in GRC operations, compliance, risk management, or information security with demonstrated proficiency in OneTrust GRC platform administration and configuration.
Technical Skills
- Advanced hands-on experience with OneTrust GRC platform including risk management, audit management, policy management, control mapping, workflows, and Athena AI automation.
- Familiarity with other GRC platforms such as RSA Archer, ServiceNow GRC, MetricStream, LogicGate Risk Cloud, or Diligent GRC.
- Experience with compliance frameworks including ISO 27001, SOC 2, GDPR, PCI DSS, NIST, and privacy regulations.
- Proficiency in risk assessment methodologies, control frameworks, and evidence management.
- Knowledge of SSO (SAML 2.0), SCIM, role-based access controls (RBAC), and API integrations.
- Strong Excel skills for risk registers, reporting, and data analysis.
Preferred Certifications
- OneTrust Certified GRC Administrator or OneTrust GRC User Certification
- Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)
- ISO 27001 Lead Implementer/Auditor
- Certified Data Privacy Solutions Engineer (CDPSE)
- CompTIA Security+ or equivalent
Education
Bachelor's degree in Computer Science, Information Security, Cybersecurity, Business Administration, or a related field.
Soft Skills
- Strong analytical and problem-solving skills for risk identification and compliance gap analysis.
- Excellent written and verbal communication for policy documentation and stakeholder interactions.
- Detail-oriented, with the ability to manage multiple tasks and deadlines.
- Collaborative team player comfortable working with cross-functional teams.
Additional Requirements
- Experience responding to customer security questionnaires and due diligence requests.
- Understanding of GRC maturity models and continuous improvement processes.
- Ability to work in a fast-paced consulting environment supporting multiple client engagements.
Resume Information
How to Apply
Email your resume to job2026@thefourthcommand.com
Subject: FC_GRC_ANALYST_[YOUR NAME]_RESUME
Resume Requirements
- OneTrust GRC hands-on experience with specific modules used (risk, audit, policy, etc.).
- List of GRC platforms administered (OneTrust primary, others secondary).
- Compliance frameworks implemented or supported.
- Relevant certifications with dates.
- Passport size photo (mandatory).
Incomplete applications will not be considered.
Job Type: Full-time
Pay: AED300,000.00 - AED800,000.00 per year
Work Location: In person