Governance, Risk, and Compliance (GRC) Analyst

Osaic is a company that focuses on IT Governance, Risk, and Compliance operations. The IT GRC Analyst I role is responsible for supporting IT risk and control management, regulatory compliance, and audit readiness, while collaborating with various teams to maintain compliance with organizational policies. Responsibilities Assist with IT risk and control management by managing the IT risk register, performing risk assessments, documenting IT controls, tracking issues and exceptions, and supporting issue remediation activities Support audit readiness activities prior to formal audits by validating IT control compliance, identifying gaps, and preparing documentation to ensure systems and processes meet regulatory and internal requirements Coordinate audit evidence gathering during active audits by managing evidence requests, collecting and organizing documentation from stakeholders, and ensuring timely delivery to internal and external auditors Contribute to vendor risk management processes by helping review vendor questionnaires, monitor risk ratings, and track remediation actions Assist with technical product risk management by maintaining an inventory of in-house and third-party products, performing or supporting technical product risk assessments, identifying issues and defining action plans, and evaluating product maturity to ensure alignment with security and compliance standards Help maintain IT risk registers and compliance records in the Osaic IT GRC platform Assist with cybersecurity governance reporting and metrics by compiling data on control effectiveness, risk trends, and compliance status for leadership dashboards Support exception management processes by tracking approvals, documenting compensating controls, and monitoring aging of exceptions Maintain and update Osaic’s IT policies to ensure they remain current, accurate, and aligned with regulatory and organizational requirements Assist with security awareness and training initiatives by supporting the development and delivery of programs that promote adherence to policies and best practices across the organization Provide backup coverage for other IT GRC analysts to ensure continuity across IT GRC domains Perform additional IT GRC responsibilities as assigned to support team objectives and compliance obligations Skills Bachelor's degree preferred; high school diploma (or equivalent) in combination with significant experience will be considered in lieu of degree Minimum of high school diploma or equivalent is required 1–3 years of experience in IT, cybersecurity, or compliance Basic understanding of IT risk management, regulatory frameworks, and audit principles Strong organizational and documentation skills with attention to detail Ability to learn quickly and adapt across multiple GRC domains Good communication skills and ability to work in a team environment Familiarity with GRC platforms Experience supporting IT governance processes and creating governance metrics or dashboards for reporting to leadership or audit committees Exposure to regulatory frameworks such as NYDFS, SEC Reg S-P, or NIST CSF Experience with vendor risk management or third-party risk processes Strong analytical skills for interpreting risk and compliance data Professional certifications such as CompTIA Security+, CRISC, or similar are a plus Benefits Health, vision, dental insurance 401k Paid time away Volunteer days Company Overview Osaic provides the support, resources, and community designed for the future of wealth management. It was founded in 2016, and is headquartered in Phoenix, Arizona, USA, with a workforce of 1001-5000 employees. Its website is