Job Description
Job DescriptionAqueduct Technologies is seeking a GRC Analyst to join our Governance, Risk, and Compliance (GRC) team. Reporting directly to the Director of GRC, this role plays a pivotal part in designing, executing, and maturing our clients’ security and compliance programs. This is an analyst to mid level position designed for a GRC professional who is ready to take ownership of key workstreams while continuing to develop under senior leadership guidance. You will work directly with clients in a consulting environment, contributing to meaningful security improvements across diverse industries. As part of our growing GRC practice, you will:- Support and progressively lead client compliance engagements- Contribute to the development of Aqueduct’s GRC service offerings- Assist with internal compliance initiatives and audit readiness activitiesCore Responsibilities:
- Compliance Readiness and Assessments:
- Support and conduct readiness assessments aligned to frameworks such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, and CMMC
- Identify control gaps and provide practical, risk based remediation recommendations
- Assist clients in preparing for external audits and certification efforts
Risk Assessments:
- Perform organizational risk assessments and document risk findings
- Evaluate control effectiveness and recommend mitigation strategies aligned with business objectives
- Maintain risk registers and support risk reporting processes
Third Party Risk Management:
- Conduct vendor risk assessments and due diligence reviews
- Support the development and maintenance of third party risk programs
- Assist with ongoing monitoring activities and documentation
Client Reporting and Communication:
- Prepare clear, structured reports summarizing findings, risks, and recommended actions
- Present results to client stakeholders with guidance from senior team members
- Translate technical findings into business relevant insights
Collaboration and Internal Support:
- Work closely with security operations, engineering, and account teams to align GRC initiatives
- Support internal compliance initiatives including SOC 2 readiness and audit activities
- Contribute to documentation development, templates, and process improvement efforts
Professional Development:
- Stay current on evolving cybersecurity risks, regulatory requirements, and industry standards
- Expand expertise across multiple frameworks and advisory domains
Required Skills & Qualifications:
- Core Competencies:
- Strong written and verbal communication skills
- Analytical thinking and attention to detail
- Ability to manage multiple client workstreams in a consulting environment
- Professional presence in client facing situations
Technical and Compliance Experience:
- Experience supporting or conducting assessments across one or more major frameworks such as NIST CSF, ISO 27001, SOC 2, HIPAA, PCI DSS, or CMMC
- Working knowledge of risk assessment methodologies
- Familiarity with third party risk management concepts and processes
- Foundational understanding of Zero Trust principles and modern security architecture concepts
Professional Background:
- 3 or more years of experience in information security with exposure to GRC functions
- Experience in consulting, advisory, or managed services environments preferred
- Experience with GRC platforms such as ServiceNow GRC, Archer, Drata, Vanta, or similar tools is a plus
Certifications:
- One or more of the following certifications is preferred but not required:
- CISA
- CISM
- CRISC
- CISSP
- CCSP
Work Model:
- Ability to work in a hybrid model in the Canton, MA area
- Willingness to travel locally for client engagements as needed
Growth Opportunity
- This role offers a clear path toward Senior GRC Consultant responsibilities. Analysts who demonstrate strong client delivery, technical depth, and engagement ownership will have opportunities to lead larger assessments, mentor junior team members, and expand into broader advisory engagements.
Aqueduct Technologies is committed to developing a diverse and talented team. We celebrate and support diversity and are committed to making an inclusive environment for all employees and applicants including women, minorities, individuals with disabilities, members of the LGBTQIA community, veterans, and any other legally protected group. We are an Equal Opportunity Employer and do not discriminate against any employee or applicant on the basis of any status protected by federal, state, or local laws. Aqueduct Technologies is one of the largest IT solutions providers in the US, recognized for our relentless pursuit of customer satisfaction, our corporate culture, technology leadership, and our commitment to the local community. We pride ourselves on our world-class engineering, the investments we make in our employees and our systems, and on our loyal base of customers and manufacturers. Recognized as one of the fastest-growing, private companies in Massachusetts—and awarded the Best Place to Work in Boston for six, consecutive years—there is no better time to join Aqueduct than now!
We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.