With more than 225 branch offices across North America, Associa is building the future of community for nearly five million residents worldwide. Our 11,000+ team members lead the industry with unrivaled education, expertise, and trailblazing innovation. For more than 43 years, Associa has brought positive impact and meaningful value to communities. To learn more, visit www.associaonline.com.
Job Description

We are seeking a detail-oriented and analytically-minded GRC Analyst to join our Information Security team to drive governance, risk management, and compliance initiatives across our enterprise. This role is critical to our comprehensive security transformation program, supporting our alignment with NIST CSF 2.0, CIS Controls implementation, and various compliance frameworks including SOC 2, PCI DSS, and potential GDPR requirements.

As part of our security organization supporting 10,000+ employees across multiple branch locations in the real estate and property management industry, this position will be instrumental in implementing our AI-based GRC platform, automating compliance processes, and ensuring consistent governance across all business units. The ideal candidate will have strong analytical skills, attention to detail, and the ability to translate complex regulatory requirements into actionable business processes.

Compliance Management and Monitoring

Framework Implementation and Maintenance

- Lead implementation and maintenance of compliance frameworks including SOC 2 Type II, PCI DSS, and prepare for potential GDPR requirements
- Support NIST CSF 2.0 alignment initiative by mapping current controls to framework requirements and identifying gaps
- Implement CIS Controls across the organization and maintain compliance monitoring processes
- Develop and maintain compliance mapping documentation showing relationships between different frameworks
- Coordinate with external auditors and assessors for compliance validation activities

Evidence Collection and Management

- Design and implement automated evidence collection processes using the AI-based GRC platform
- Establish and maintain evidence repositories with proper access controls and retention policies
- Develop evidence collection workflows that integrate with existing security tools (XDR, SIEM, vulnerability scanners)
- Create and maintain compliance dashboards showing real-time compliance status across all frameworks
- Support audit activities by providing timely and accurate evidence packages

Continuous Monitoring and Reporting

- Implement continuous compliance monitoring processes to identify control failures in real time
- Develop and maintain compliance metrics and KPIs aligned with business objectives
- Create executive-level compliance dashboards and reporting for leadership and board presentations
- Monitor regulatory changes and assess impact on current compliance programs
- Coordinate compliance reporting across all branch locations and business units

Risk Management and Assessment

Enterprise Risk Assessment

- Support bi-annual enterprise risk assessments by coordinating with business units and collecting risk data
- Maintain the enterprise risk register with current threat information, vulnerabilities, and control effectiveness
- Develop risk assessment methodologies appropriate for real estate and property management operations
- Coordinate with business units to conduct business impact analyses and risk tolerance assessments
- Support third-party risk assessments for vendors and service providers

Risk Monitoring and Reporting

- Implement risk monitoring processes using automated tools and manual assessment techniques
- Develop risk metrics and reporting that provide actionable insights to leadership
- Create and maintain risk treatment plans with clear timelines, owners, and success criteria
- Monitor risk trends and emerging threats relevant to the real estate industry
- Support incident response activities by providing risk context and impact analysis

Control Effectiveness Assessment

- Design and implement control testing programs to validate effectiveness of security controls
- Coordinate bi-annual security control testing initiatives across all business functions
- Develop control testing methodologies that leverage automation where possible
- Maintain control effectiveness documentation and remediation tracking
- Support management in making risk-based decisions about control investments and improvements

GRC Platform Management and Automation (20%)

Platform Implementation and Administration

- Lead the implementation of the AI-based GRC platform, including configuration, integration, and user training
- Develop automated workflows for compliance activities, risk assessments, and control testing
- Integrate the GRC platform with existing security tools to automate evidence collection and control monitoring
- Maintain platform configurations, user access controls, and data quality standards
- Coordinate with IT teams to ensure proper platform integration and data flows

Process Automation and Optimization

- Identify opportunities to automate manual GRC processes and implement efficiency improvements
- Develop automated reporting and alerting capabilities for compliance and risk management activities
- Create workflow automation for control testing, evidence collection, and remediation tracking
- Implement data analytics capabilities to identify trends and predictive insights
- Support the security champions program by providing self-service GRC capabilities

Data Management and Analytics

- Establish data governance processes for GRC-related information
- Develop analytics and reporting capabilities that provide actionable insights to stakeholders
- Maintain data quality standards and implement data validation processes
- Create predictive analytics models to identify potential compliance issues before they occur
- Support decision-making with data-driven recommendations and trend analysis

Policy and Documentation Management (15%)

Policy Development and Maintenance

- Support the development and annual review of security policies aligned with compliance requirements
- Create and maintain policy implementation guides and procedures for business units
- Develop policy compliance monitoring processes and exception management workflows
- Coordinate policy awareness training and ensure consistent implementation across all locations
- Maintain policy version control and change management processes

Documentation and Knowledge Management

- Create and maintain comprehensive GRC documentation including procedures, work instructions, and training materials
- Develop knowledge management processes to capture and share GRC expertise across the organization
- Maintain regulatory and framework libraries with current requirements and guidance
- Create training materials and documentation for the security champions program
- Support knowledge transfer and cross-training initiatives within the security team

Requirements

Experience

- 3+ years of experience in governance, risk management, compliance, or audit roles
- 2+ years of hands-on experience with compliance frameworks (SOC 2, ISO 27001, NIST, PCI DSS, etc.)
- Experience with GRC platforms/tools (Drata, Vanta, ServiceNow GRC, Archer)
- Background in risk assessment methodologies and control testing procedures

Technical Skills

GRC and Compliance Tools

- GRC Platforms: Experience with enterprise GRC platforms and workflow automation
- Audit Tools: Knowledge of audit management systems and evidence collection tools
- Risk Assessment: Familiarity with quantitative and qualitative risk assessment methodologies (FAIR)
- Documentation: Advanced proficiency with documentation and process mapping tools
- Analytics: Experience with data analysis tools (Excel, Power BI, or similar)

Frameworks and Standards

- Compliance Frameworks: Working knowledge of SOC 2, ISO 27001, NIST CSF, PCI DSS, GDPR
- Control Frameworks: Understanding of COSO Internal Controls, CIS Controls, NIST 800-53

Technical Competencies

- Data Analysis: Proficiency in data analysis, statistical methods, and trend identification
- Process Improvement: Experience with process mapping, workflow optimization, and automation
- Project Management: Basic project management skills and familiarity with project management tools
- Communication: Strong written and verbal communication skills for various stakeholder audiences

Certifications (Preferred)

- GRC-Specific: Certified GRC Professional (GRCP), OCEG GRC Capability Model
- Risk Management: Certified Risk Management Professional (CRMP), Professional Risk Manager (PRM)
- Compliance: Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA)
- Privacy: Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM)

Preferred Qualifications

Advanced Experience

- Experience supporting board-level risk and audit committee reporting
- Previous experience with security program transformation or maturity improvement initiatives

Technical Expertise

- Advanced knowledge of automation and workflow development
- Experience with API integrations and data connectivity solutions
- Knowledge of machine learning/AI applications in GRC and compliance monitoring
- Experience with cloud compliance and security frameworks

Leadership and Communication

- Experience training and mentoring staff on GRC concepts and procedures
- Strong presentation and communication skills
- Experience developing and delivering compliance training programs
- Background in change management and organizational transformation

Key Competencies

Analytical and Technical Competencies

- Critical Thinking: Ability to analyze complex compliance requirements and translate them into actionable processes
- Attention to Detail: Meticulous attention to detail in documentation, evidence collection, and control testing
- Data Analysis: Strong analytical skills to identify trends, gaps, and improvement opportunities
- Process Orientation: Systematic approach to developing and maintaining consistent processes
- Technology Aptitude: Comfort with technology tools and ability to learn new platforms quickly

Professional Competencies

- Communication: Excellent written and verbal communication skills with the ability to explain complex concepts clearly
- Stakeholder Management: Ability to work effectively with diverse stakeholders across all organizational levels
- Adaptability: Flexibility to work in a dynamic environment with changing regulatory requirements
- Initiative: Self-motivated with the ability to work independently and identify improvement opportunities
- Collaboration: Strong teamwork skills and ability to coordinate cross-functional initiatives

We are an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity or expression, pregnancy, age, national origin, disability status, genetic information, protected veteran status, or any other characteristic protected by law.