Position Responsibilities:
- Coordinate internal and external assessments by gathering documentation, tracking action items, and facilitating communication between stakeholders across Security, IT, Legal, and business units
- Track and drive awareness of compliance findings by maintaining documentation, following up with responsible parties, and updating status reports
- Manage intake and response processes for customer security questionnaires and external assessments, ensuring timely and accurate submissions
- Support day-to-day security compliance activities by assisting with the validation of technical and procedural controls across infrastructure, systems, and user access to ensure alignment with organizational security requirements and standards
- Assist in building and documenting security compliance processes that are tool-agnostic, with an emphasis on automation, scalability, and adaptability to evolving GRC platforms or technologies
- Assist in conducting control assessments and evaluations to support compliance with internal policies and external frameworks such as CIS, ISO, and NIST
- Travel occasionally based on business needs
- Other projects or duties as assigned
Required Education and Experience:
- Bachelor's Degree and 2 to 4 years of experience working in a security-focused compliance role, or High School Diploma/General Education Degree (GED) and 5 to 7 plus years of experience working in a security role involving risk assessment and/or security compliance/testing.
- Ability to communicate complex security and compliance concepts to a wide range of stakeholders—from technical teams and individual contributors to senior leadership—tailoring messaging to suit the audience's level of expertise and decision-making needs. Reyes Holdings values a culture of collaboration and synergy amongst technical and non-technical teams.
Preferred Education and Experience:
- Experience with security and compliance frameworks such as CIS Critical Security Controls, ISO 27001, SOC 2, NIST 800-53, ISA/IEC 62443.
- Participation in internal or external audits, including evidence collection, remediation tracking, and audit readiness activities.
- Experience with GRC platforms for managing compliance workflows, evidence and issue tracking, and reporting.
- Experience with Operational Technology (OT) and/or Cloud environments.
- Familiarity with data visualization or reporting tools (e.g., Power BI, Tableau, Alteryx, Excel) to support compliance reporting.
- Understanding of identity and access management (IAM) concepts, including user access review and account lifecycle governance.
- Industry certifications: Security+, SSCP, ISC2 CC, CISA, CRISC, CISSP, or another equivalent are a plus.