Cybersecurity

GRC Analyst Resume Example

Use this GRC analyst resume example as a reference. Our AI tailors it to any job description in seconds.

Avg. Salary: $80,000 - $125,000

Level: Mid-Level

1

Professional Summary

GRC analyst with 4 years managing governance, risk, and compliance programs for technology companies. Experienced in SOC 2, ISO 27001, and GDPR compliance, with strong skills in risk assessment, policy development, and audit coordination across engineering and business stakeholders.

2

Key Skills

  • Risk Assessment
  • SOC 2/ISO 27001
  • GDPR/CCPA
  • Policy Development
  • Audit Coordination
  • Vendor Risk Management
  • GRC Platforms (ServiceNow, Vanta)
  • Control Testing
  • Risk Register Management
  • Compliance Monitoring
  • Security Awareness Training

3

Sample Experience Bullets

  • Managed the SOC 2 Type II compliance program across 200+ controls. Clean audit reports three years running with zero exceptions
  • Did 50+ vendor risk assessments per year. Set up a tiered review process that cut assessment time by 40%
  • Wrote and maintained 30+ security policies aligned with NIST CSF. 95% employee acknowledgment rate
  • Set up Vanta for automated compliance monitoring. Evidence collection went from 200 hours to 20 hours per audit cycle
  • Led the GDPR compliance initiative: data mapping, DPIAs, and privacy impact reviews across 15 data processing activities
  • Responsible for maintaining the risk register and presenting quarterly risk reports to the security committee
  • Worked with engineering to collect evidence for SOC 2 controls like change management, access reviews, and incident response
  • Managed the security awareness training program. Ran phishing simulations monthly and tracked completion metrics
  • Coordinated with external auditors during the annual audit. Scheduled interviews, gathered evidence, and tracked remediation items
4

ATS Keywords

Include these keywords in your resume to pass Applicant Tracking Systems.

  • GRC analyst
  • governance risk compliance
  • risk assessment
  • compliance analyst
  • audit management
  • security compliance
  • vendor risk
  • policy management
  • regulatory compliance
  • control framework

5

Recommended Certifications

  • CRISC (Certified in Risk and Information Systems Control)
  • CISA (Certified Information Systems Auditor)
  • ISO 27001 Lead Auditor
