GRC Security Analyst

Job Description

An oil and gas client is hiring an IT Analyst, Security GRC to support and mature internal Governance, Risk & Compliance (GRC) processes across both IT and OT environments. This is a hands-on, internal-facing role on a small team, where the analyst will own the OneTrust GRC platform, manage the policy lifecycle, support internal audits, and help operationalize industry frameworks such as NIST CSF, NIST 800-82, TSA Security Directives, and MTSA.

The ideal candidate is self-motivated, reliable, and comfortable working with minimal oversight while supporting a broad range of IT governance needs.

We are a company committed to creating diverse and inclusive environments where people can bring their full, authentic selves to work every day. We are an equal opportunity/affirmative action employer that believes everyone matters. Qualified candidates will receive consideration for employment regardless of their race, color, ethnicity, religion, sex (including pregnancy), sexual orientation, gender identity and expression, marital status, national origin, ancestry, genetic factors, age, disability, protected veteran status, military or uniformed service member status, or any other status or characteristic protected by applicable laws, regulations, and ordinances. If you need assistance and/or a reasonable accommodation due to a disability during the application or recruiting process, please send a request to [email protected] learn more about how we collect, keep, and process your private information, please review Insight Global's Workforce Privacy Policy:

Skills and Requirements

Experience in critical infrastructure (pipeline, energy, utilities).

Exposure to OT systems or OT cybersecurity.

Prior ownership of a GRC platform (any tool).

Experience supporting audits or compliance activities. 3-5 years of Governance, Risk & Compliance experience (IT or OT).

Background in IT environments (security experience is a strong plus).

Experience with any GRC platform (OneTrust preferred; training available).

Working knowledge of core frameworks:

NIST CSF

NIST 800-82 (OT) - nice to have

TSA SD2, MTSA - big plus

Strong documentation and writing/editing skills.

Highly self-motivated; comfortable in a small team with minimal oversight.

One of the following certificates: Sec+, SANS, ISACA, CompTIA