Principal GRC Analyst-Remote

Apetan Consulting LLC
Los Angeles, US
Remote

Job Description

Role: Principal GRC Analyst (Governance, Risk & Compliance) (Hands-on)

Location: 100% Remote (it's a bonus if the candidate lives in Los Angeles, near Vernon, CA, but remote is fine). ~10% travel to manufacturing plants, data centers, and corporate offices for audits, walkthroughs, and stakeholder workshops.

Visa: USC or GC or GC EAD only

Duration: 12+ months contract

Interview: Video

Back open … new notes from the IT GRC Director. They want fresh candidates that are NOT "Audit focused." Previous candidates were all audit focused; that's not the right fit.

  • Communication skills are EXTREMELY IMPORTANT: clear, concise communication, able to translate technical risk for non-technical stakeholders and produce executive-ready content.
  • Forgent Power has purchased 3 other companies. Now all the companies are merging into 1 entity. This GRC environment is still not fully built out yet.
  • They need someone who has been in "under-developed environments or not fully built out environments" to come in and lead the build-out of Compliance programs, Risk programs and related. Someone who is great with ISO 27001, SOX and ISMS.

{Required! Must send the month and day of the birthday & last 4 of the SSN with ALL submissions}

  • Send LinkedIn Links
  • W2 only!
  • 4-page max resumes

MUST HAVEs

{Make sure all of this below is in the resume, in the job descriptions for the last 9 years}

  • Certifications: Must have at least 1 of these Certifications; ISO/IEC 27001 Lead Implementer or Internal Auditor, or CISA, CRISC, CISM/CISSP
  • 9+ years' experience as a Senior GRC Analyst (Governance, Risk & Compliance) going into lead-level experience in IT Audit/Controls, GRC, and Information Security Risk, including executing ISO 27001 and SOX control activities.
  • 7+ years Hands‑on ISMS work (SoA upkeep, internal audit coordination, corrective actions, awareness/training support).
  • Maintain the ISMS operating programs: scope updates, risk assessments, Statement of Applicability (SoA) maintenance, corrective action tracking, and surveillance/certification readiness.
  • Draft, update, and socialize policies/standards/procedures
  • Risk Management (IT & OT) - Maintain cross‑framework mappings (ISO 27001, NIST CSF/800‑53, CIS Controls, SOC 2) to ensure clear control coverage and traceability.
  • 5+ years’ experience in SOX 404 involvement across IAM, change management, computer operations, and application controls (RCM maintenance, testing, and remediation tracking) in ERP (SAP/Oracle) and key applications.
  • Practical use of GRC/IRM platforms (OneTrust, Drata/Vanta) and integrations with IAM (SailPoint/Saviynt/Okta), CMDB, SIEM, ticketing, and vulnerability management tools.
  • Below: should be talked about in at least the first 2 most recent jobs on the resume
  • Governance & ISMS Operations (ISO/IEC 27001)
  • Maintain the ISMS operating rhythm: scope updates, risk assessments, Statement of Applicability (SoA) maintenance, corrective action tracking, and surveillance/certification readiness.
  • Draft, update, and socialize policies/standards/procedures (access control, change management, vulnerability management, secure SDLC, incident response, data retention/supplier security).
  • Prepare decision‑ready materials and follow‑ups for governance forums (Risk & Compliance Steering Committee, CAB, ISO Management Review).

Overview

We are a $1 Billion+ company, rapidly growing in the manufacturing sector, seeking an experienced Principal GRC Lead Analyst.

We are hiring a hands-on Principal GRC Analyst to execute and continuously improve our governance, risk, and compliance program across IT and OT environments.

You will run day-to-day ISMS operations, drive SOX IT control execution, lead access certification cycles using a hybrid reviewer model, mature third-party risk, and advance continuous control monitoring.

This is a senior individual contributor role designed for candidates with Senior and Principal years of high-impact GRC experience who can lead complex workstreams, mentor teammates, and coordinate vendors, without formal people management.

Key Responsibilities

Governance & ISMS Operations (ISO/IEC 27001)

  • Maintain the ISMS operating rhythm: scope updates, risk assessments, Statement of Applicability (SoA) maintenance, corrective action tracking, and surveillance/certification readiness.

Skills & Requirements

Technical Skills

ISO 27001, SOX, ISMS, GRC, Information security risk, IT audit/controls, Statement of Applicability (SoA) maintenance, Corrective action tracking, Surveillance/certification readiness, Policies/standards/procedures, Cross-framework mappings, IAM, Change management, Computer operations, Application controls, RCM maintenance, Testing, Remediation tracking, GRC/IRM platforms, Integrations with IAM, CMDB, SIEM, Ticketing, Vulnerability management tools, Communication, Technical risk translation, Executive content production, ISO/IEC 27001 Lead Implementer, ISO/IEC 27001 Internal Auditor, CISA, CRISC, CISM, CISSP, Governance, Risk & compliance, IT audit, Information security, Compliance programs, Risk programs

Employment Type

CONTRACT

Level

Mid-Level

Posted

4/24/2026
