GRC Analyst Job at Association Services Inc, Richardson, TX

  • Association Services Inc
  • Richardson, TX

Job Description

With more than 225 branch offices across North America, Associa is building the future of community for nearly five million residents worldwide. Our 11,000+ team members lead the industry with unrivaled education, expertise, and trailblazing innovation. For more than 43 years, Associa has brought positive impact and meaningful value to communities. To learn more, visit

We are seeking a detail-oriented and analytically-minded GRC Analyst to join our Information Security team to drive governance, risk management, and compliance initiatives across our enterprise. This role is critical to our comprehensive security transformation program, supporting our alignment with NIST CSF 2.0, CIS Controls implementation, and various compliance frameworks including SOC 2, PCI DSS, and potential GDPR requirements.

As part of our security organization supporting 10,000+ employees across multiple branch locations in the real estate and property management industry, this position will be instrumental in implementing our AI-based GRC platform, automating compliance processes, and ensuring consistent governance across all business units. The ideal candidate will have strong analytical skills, attention to detail, and the ability to translate complex regulatory requirements into actionable business processes.

Compliance Management and Monitoring

Framework Implementation and Maintenance

  • Lead implementation and maintenance of compliance frameworks, including SOC 2 Type II and PCI DSS, and prepare for potential GDPR requirements
  • Support NIST CSF 2.0 alignment initiative by mapping current controls to framework requirements and identifying gaps
  • Implement CIS Controls across the organization and maintain compliance monitoring processes
  • Develop and maintain compliance mapping documentation showing relationships between different frameworks
  • Coordinate with external auditors and assessors for compliance validation activities

Evidence Collection and Management

  • Design and implement automated evidence collection processes using the AI-based GRC platform
  • Establish and maintain evidence repositories with proper access controls and retention policies
  • Develop evidence collection workflows that integrate with existing security tools (XDR, SIEM, vulnerability scanners)
  • Create and maintain compliance dashboards showing real-time compliance status across all frameworks
  • Support audit activities by providing timely and accurate evidence packages

Continuous Monitoring and Reporting

  • Implement continuous compliance monitoring processes to identify control failures in real time
  • Develop and maintain compliance metrics and KPIs aligned with business objectives
  • Create executive-level compliance dashboards and reporting for leadership and board presentations
  • Monitor regulatory changes and assess impact on current compliance programs
  • Coordinate compliance reporting across all branch locations and business units

Risk Management and Assessment

Enterprise Risk Assessment

  • Support bi-annual enterprise risk assessments by coordinating with business units and collecting risk data
  • Maintain the enterprise risk register with current threat information, vulnerabilities, and control effectiveness
  • Develop risk assessment methodologies appropriate for real estate and property management operations
  • Coordinate with business units to conduct business impact analyses and risk tolerance assessments
  • Support third-party risk assessments for vendors and service providers

Risk Monitoring and Reporting

  • Implement risk monitoring processes using automated tools and manual assessment techniques
  • Develop risk metrics and reporting that provide actionable insights to leadership
  • Create and maintain risk treatment plans with clear timelines, owners, and success criteria
  • Monitor risk trends and emerging threats relevant to the real estate industry
  • Support incident response activities by providing risk context and impact analysis

Control Effectiveness Assessment

  • Design and implement control testing programs to validate effectiveness of security controls
  • Coordinate bi-annual security control testing initiatives across all business functions
  • Develop control testing methodologies that leverage automation where possible
  • Maintain control effectiveness documentation and remediation tracking
  • Support management in making risk-based decisions about control investments and improvements

GRC Platform Management and Automation (20%)

Platform Implementation and Administration

  • Lead the implementation of the AI-based GRC platform, including configuration, integration, and user training
  • Develop automated workflows for compliance activities, risk assessments, and control testing
  • Integrate GRC platform with existing security tools to automate evidence collection and control monitoring
  • Maintain platform configurations, user access controls, and data quality standards
  • Coordinate with IT teams to ensure proper platform integration and data flows

Process Automation and Optimization

  • Identify opportunities to automate manual GRC processes and implement efficiency improvements
  • Develop automated reporting and alerting capabilities for compliance and risk management activities
  • Create workflow automation for control testing, evidence collection, and remediation tracking
  • Implement data analytics capabilities to identify trends and predictive insights
  • Support the security champions program by providing self-service GRC capabilities

Data Management and Analytics

  • Establish data governance processes for GRC-related information
  • Develop analytics and reporting capabilities that provide actionable insights to stakeholders
  • Maintain data quality standards and implement data validation processes
  • Create predictive analytics models to identify potential compliance issues before they occur
  • Support decision-making with data-driven recommendations and trend analysis

Policy and Documentation Management (15%)

Policy Development and Maintenance

  • Support the development and annual review of security policies aligned with compliance requirements
  • Create and maintain policy implementation guides and procedures for business units
  • Develop policy compliance monitoring processes and exception management workflows
  • Coordinate policy awareness training and ensure consistent implementation across all locations
  • Maintain policy version control and change management processes

Documentation and Knowledge Management

  • Create and maintain comprehensive GRC documentation including procedures, work instructions, and training materials
  • Develop knowledge management processes to capture and share GRC expertise across the organization
  • Maintain regulatory and framework libraries with current requirements and guidance
  • Create training materials and documentation for the security champions program
  • Support knowledge transfer and cross-training initiatives within the security team

Requirements

Experience

  • 3+ years of experience in governance, risk management, compliance, or audit roles
  • 2+ years hands-on experience with compliance frameworks (SOC 2, ISO 27001, NIST, PCI DSS, etc.)
  • Experience with GRC platforms/tools (Drata, Vanta, ServiceNow GRC, Archer)
  • Background in risk assessment methodologies and control testing procedures

Technical Skills

GRC and Compliance Tools

  • GRC Platforms: Experience with enterprise GRC platforms and workflow automation
  • Audit Tools: Knowledge of audit management systems and evidence collection tools
  • Risk Assessment: Familiarity with quantitative and qualitative risk assessment methodologies (FAIR)
  • Documentation: Advanced proficiency with documentation and process mapping tools
  • Analytics: Experience with data analysis tools (Excel, Power BI, or similar)

Frameworks and Standards

  • Compliance Frameworks: Working knowledge of SOC 2, ISO 27001, NIST CSF, PCI DSS, GDPR
  • Control Frameworks: Understanding of COSO Internal Controls, CIS Controls, NIST 800-53

Technical Competencies

  • Data Analysis: Proficiency in data analysis, statistical methods, and trend identification
  • Process Improvement: Experience with process mapping, workflow optimization, and automation
  • Project Management: Basic project management skills and familiarity with project management tools
  • Communication: Strong written and verbal communication skills for various stakeholder audiences

Certifications (Preferred)

  • GRC-Specific: Certified GRC Professional (GRCP), OCEG GRC Capability Model
  • Risk Management: Certified Risk Management Professional (CRMP), Professional Risk Manager (PRM)
  • Compliance: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
  • Privacy: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM)

Preferred Qualifications

Advanced Experience

  • Experience supporting board-level risk and audit committee reporting
  • Previous experience with security program transformation or maturity improvement initiatives

Technical Expertise

  • Advanced knowledge of automation and workflow development
  • Experience with API integrations and data connectivity solutions
  • Knowledge of machine learning/AI applications in GRC and compliance monitoring
  • Experience with cloud compliance and security frameworks

Leadership and Communication

  • Experience training and mentoring staff on GRC concepts and procedures
  • Strong presentation and communication skills
  • Experience developing and delivering compliance training programs
  • Background in change management and organizational transformation

Key Competencies

Analytical and Technical Competencies

  • Critical Thinking: Ability to analyze complex compliance requirements and translate them into actionable processes
  • Attention to Detail: Meticulous attention to detail in documentation, evidence collection, and control testing
  • Data Analysis: Strong analytical skills to identify trends, gaps, and improvement opportunities
  • Process Orientation: Systematic approach to developing and maintaining consistent processes
  • Technology Aptitude: Comfort with technology tools and ability to learn new platforms quickly

Professional Competencies

  • Communication: Excellent written and verbal communication skills with ability to explain complex concepts clearly
  • Stakeholder Management: Ability to work effectively with diverse stakeholders across all organizational levels
  • Adaptability: Flexibility to work in a dynamic environment with changing regulatory requirements
  • Initiative: Self-motivated with ability to work independently and identify improvement opportunities
  • Collaboration: Strong teamwork skills and ability to coordinate cross-functional initiatives

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.

  • Seniority level: Entry level
  • Employment type: Full-time
  • Job function: Business Development and Sales

Job Tags

Full time, Worldwide
