Description : About the job
Role : GRC Business Analyst
Experience : 3-6 years in Governance, Risk, and Compliance (GRC)
Role Type : Mid-Level (Consulting / Implementation)
Job type : Contract (6 months with extension)
Job Overview :
We are seeking a highly skilled GRC Business Analyst with deep expertise in Governance, Risk, and Compliance frameworks such as ISO 27001, NIST RMF, and COBIT.
The ideal candidate will act as a functional SME in helping clients define their GRC Baselines, Business Processes, Risk and Control Lifecycles, and Reporting Frameworks while leading the implementation of IBM OpenPages GRC across domains like IT Governance, Operational Risk, Compliance, and Enterprise Risk Management.
This role requires strong analytical, process-oriented, and client-facing capabilities to bridge business requirements with GRC solution design and ensure end-to-end implementation excellence.
Key Responsibilities :
Process Definition and Lifecycle Management :
- Lead end-to-end process design workshops with business and technical stakeholders.
- Define process flows, ownership structures, control points, approval stages, and integration touchpoints for each GRC domain.
- Translate complex business and regulatory requirements into structured GRC workflows and lifecycle models in OpenPages.
- Ensure all process designs are aligned with ISO 27001, NIST RMF, COBIT, and other best-practice frameworks.
Baseline Definition, Flow, and Lifecycle :
- Define and establish GRC baseline frameworks including risk taxonomies, control libraries, policy baselines, and compliance mappings.
- Design the baseline creation, approval, review, and update lifecycle, ensuring governance and auditability.
- Maintain consistent baseline alignment across business units and risk domains within OpenPages.
Risk Assessment and Management Lifecycle :
- Define and operationalize Risk Identification, Assessment, Evaluation, Mitigation, and Monitoring processes.
- Develop risk scoring models, thresholds, and linkage between risks, controls, issues, and action plans.
- Configure risk and control workflows in OpenPages to automate periodic reviews, control testing, and remediation activities.
- Provide business guidance for implementing Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) for enterprise reporting.
Enterprise Reporting and Workflow in GRC :
- Define enterprise-level reporting requirements across risk, compliance, and governance domains.
- Collaborate with reporting specialists to design dashboards, risk heat maps, and executive summaries within OpenPages.
- Streamline workflow automation to ensure timely escalations, approvals, and task assignments.
- Support the development of end-to-end GRC lifecycle reports, from data capture to final executive reporting.
Implementation Support and SME Advisory :
- Work closely with technical teams to align business and configuration requirements.
- Participate in fit-gap analysis, UAT design, and functional validation of implemented modules.
- Deliver user documentation, SOPs, and training to ensure smooth adoption.
- Act as a trusted advisor to clients on GRC maturity, governance structures, and continuous improvement opportunities.
Required Skills and Qualifications :
- 3-6 years of experience in Governance, Risk, and Compliance, preferably in consulting or enterprise implementation roles.
- Deep understanding of ISO 27001, NIST RMF, COBIT, or similar GRC frameworks.
- Proven experience in :
  1. Process definition and lifecycle management
  2. Baseline framework design and control libraries
  3. Risk assessment and management lifecycle design
  4. GRC enterprise reporting and workflow orchestration
- Familiarity with IBM OpenPages GRC or similar platforms (RSA Archer, ServiceNow GRC, MetricStream, etc.).
- Strong documentation, analytical, and client engagement skills.
- Excellent communication and presentation abilities.
Preferred Qualifications :
- Hands-on experience implementing or supporting IBM OpenPages GRC.
- Professional certifications such as ISO 27001 Lead Implementer / Auditor, NIST RMF Practitioner, CRISC, or CGEIT.
- Exposure to Operational Risk, IT Governance, Compliance, and Third-Party Risk Management domains.
- Experience designing KRI / KPI frameworks and executive-level risk dashboards.
(ref : hirist.tech)