[Remote] Security GRC Analyst (REMOTE mostly)

Note: The job is a remote job and is open to candidates in USA. Donnelly & Moore Corporation is seeking a Security GRC Analyst to strengthen their client's compliance and security posture. This role involves developing and maintaining security policies, leading compliance efforts for frameworks like NIST 800-53, and collaborating with technology teams to manage risk effectively. Responsibilities • Lead ongoing compliance efforts for security frameworks including NIST 800-53, CMMC, and SOC 2 • Develop, document, and maintain security and compliance policies, standards, and procedures • Coordinate and prepare evidence for audits and assessments • Monitor for regulatory or framework changes and update internal controls accordingly • Identify and evaluate risks across systems, data, and processes • Partner with Technology teams to design, implement, and test internal controls • Conduct periodic internal reviews to validate compliance and control effectiveness • Track and drive remediation of any identified gaps or findings • Work cross-functionally with software, infrastructure, and operations teams to embed compliance requirements into daily practices • Support vendor risk management and review processes for third-party systems and services • Maintain clear, consistent communication with stakeholders on compliance goals, progress, and issues • Identify opportunities to improve our governance, risk, and compliance programs • Support internal security awareness and training initiatives • Build repeatable processes and documentation that strengthen ARRO's long-term compliance readiness Skills • Bachelor's degree in Computer Science, Information Security, or related field (or equivalent experience) • 5+ years of experience in information security, compliance, or GRC roles • Hands-on experience with NIST 800-53 (required) • Strong understanding of IT and security controls across infrastructure, cloud, and application environments • Proven ability to develop policies, implement controls, and perform internal compliance testing • Excellent communication and project management skills—able to coordinate across teams and manage competing priorities • U.S. citizenship and ability to obtain a government security clearance if required by contracts • Familiarity with frameworks such as CMMC, SOC 2, or NIST 800-171 Benefits • Benefits • Bonus Company Overview • Donnelly & Moore is a highly regarded IT consulting and recruiting firm serving the New York tri-state area. It was founded in 1997, and is headquartered in New York, New York, USA, with a workforce of 51-200 employees. Its website is Apply tot his job