IT GOVERNANCE, RISK MGMT & COMPLIANCE ANALYST | Administrative | Sarasota, FL
ABOUT PRISM
PRISM is devoted to modernization and innovation within the world of technology, security, and IT enterprise solutions. We have been recognized for meeting performance requirements and exceeding customer expectations since 1994. Our culture is founded on relationships, opportunity, and success. Offering comprehensive benefit plans including medical, dental, vision, and 401(k), along with our people-first approach, sustains our reputation as a premier employer.
PRISM Inc. is seeking an IT GRC Analyst to support governance, cybersecurity risk, and compliance programs. You will manage policy development, risk assessments, and audit activities while collaborating with IT and Security teams to maintain a robust security posture and ensure regulatory adherence.
KEY RESPONSIBILITIES:
Governance & Framework Management
Maintain and update IT policies, standards, and procedures in alignment with industry frameworks (NIST CSF, ISO 27001, COBIT, and SOC 2).
Document IT workflows and control activities, providing data for leadership dashboards and compliance reporting.
Promote organizational adoption of governance and cybersecurity best practices through training support and cross-departmental collaboration.
Risk Assessment & Mitigation
Execute IT risk assessments for internal systems, new projects, and third-party vendors.
Manage the IT Risk Register, tracking identified vulnerabilities and ensuring mitigation actions are documented and resolved.
Support Vendor Risk Management (VRM) by evaluating security questionnaires, SOC reports, and third-party compliance evidence.
Compliance & Audit Coordination
Act as a key point of contact for internal and external audits, including SOX ITGC testing, cybersecurity reviews, and regulatory audits.
Monitor and enforce adherence to regulatory requirements such as SOX, HIPAA, PCI DSS, and GDPR/CCPA.
Perform periodic control testing to verify operational effectiveness, documenting findings and tracking remediation efforts.
IT Controls & Continuous Monitoring
Support the maintenance of IT General Controls (ITGC), focusing on access management, change control, and data backup protocols.
Identify control gaps and propose proactive improvements to strengthen the organization's overall security posture.
Participate in the continuous monitoring of security controls to ensure a state of "audit readiness" at all times.
REQUIRED QUALIFICATIONS: (SKILLS/EDUCATION):
Education & Experience
Education: Bachelor's degree in IT, Cybersecurity, Business, or a related field.
Experience: 1-3 years in IT Security, Audit, Risk Management, or Compliance (relevant internships considered).
Technical Knowledge: Foundational understanding of IT General Controls (ITGC) and core cybersecurity concepts.
Technical Skills
Frameworks: Familiarity with NIST CSF, ISO 27001, or SOC 2.
Tools: Experience with GRC platforms (e.g., ServiceNow, Archer, OneTrust) is a plus.
Audit: Prior exposure to internal/external audit activities or control testing.
Soft Skills
Strong analytical, documentation, and organizational skills.
Ability to interpret complex policies and regulatory requirements.
Excellent verbal and written communication skills for cross-functional collaboration.
Preferred Certifications
CompTIA Security+
CISA (or CISA-knowledgeable)
CRISC or ISO 27001 Foundations
Any introductory Cybersecurity or Audit-related certification
PRISM is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected class.
Job ID: 519186002
Originally Posted on: 4/29/2026