Cybersecurity GRC Analyst II

Position: IT GRC Analyst II

Location: Santa Ana California - On-site 4 days a week

Compensation: 100-130K/yr DOE

*Actual compensation may vary from posting based on geographic location work experience education and/or skill level.

Position Summary: The Cybersecurity GRC Analyst II will be a key member of our fast-paced growing Cybersecurity Services team. This role is intensely focused on Governance Risk and Compliance (GRC) and serves as a primary point of contact for responding to external audits. The Analyst will be responsible for day-to-day IT compliance data governance and IT risk management functions. This role is critical in defining creating and managing IT policies and standards to meet legal and regulatory requirements.

• External Audit Management: Lead the coordination and response to all external IT audits and regulatory examinations. Act as the primary liaison for external auditors managing evidence collection interviews and formal responses to findings.
• Compliance & Controls Testing: Design lead and perform comprehensive IT control reviews and compliance testing aligned with regulatory and industry frameworks (e.g. SOC 2 NIST NY DFS CCPA/CPRA). Identify control weaknesses and recommend remediation strategies.
• Audit Strategy & Execution: Collaborate with senior IT leadership and Governance teams to develop audit plans and testing strategies based on enterprise risk assessments. Lead high-impact audits across infrastructure cloud applications and cybersecurity domains.
• Controls & Risk Evaluation: Independently evaluate the design and operating effectiveness of IT controls including access management change management data protection network security business continuity and disaster recovery.
• Technology & Evidence Review: Assess automated evidence gathered by NAFs Next Gen GRC/IRM platform. Partner with control owners to validate effectiveness and drive continuous improvement in evidence quality and timeliness for both internal and external audits.
• Reporting & Recommendations: Prepare executive-level audit reports that clearly articulate testing performed risk exposure control gaps and actionable recommendations. Present findings to leadership governance bodies and external auditors.
• Remediation Oversight: Guide and monitor the implementation of remediation plans for audit findings ensuring timely and effective resolution of identified issues. Conduct follow-up reviews to validate remediation efforts.
• Risk Management: Support ongoing IT risk assessment efforts to identify areas of heightened risk. Recommend enhancements to control coverage and risk mitigation practices based on audit results and industry trends.
• Stakeholder Engagement: Serve as a trusted advisor between IT business units and external auditors. Ensure strong collaboration and alignment of controls testing and audit evidence across the organization.
• Regulatory & Industry Expertise: Stay informed on emerging regulatory requirements auditing standards and technology trends. Interpret and apply requirements to improve NAFs IT risk and compliance posture.

• Deep understanding of IT governance compliance and risk management principles.
• Proven experience managing and responding to external IT audits.
• Strong knowledge of frameworks and standards such asSOC 2 NIST CSF/800-53 CIS Controls NY DFS and CCPA/CPRA.
• Experience with IT GRC/IRM platforms (e.g. Archer ServiceNow OneTrust or similar).
• Familiarity with cloud environments (Azure AWS GCP) and modern IT infrastructures.
• Proven ability to adapt to rapidly changing technology landscapes and compliance requirements.
• Excellent analytical problem-solving and critical thinking skills.
• Strong interpersonal written and verbal communication abilities with experience presenting to senior leadership and cross-functional teams.

Education Experience & Certification:

• Education:Bachelors degree in Computer Science Information Systems Cybersecurity or a related field.
• Experience:Minimum5-7 yearsof progressive experience in IT audit IT risk management cybersecurity or compliance in a complex enterprise environment.
• Certifications:Professional certifications are highly preferred:CISA CISSP CRISC CISM CGRC (formerly CAP) CDPSE CGEIT CIA.

Work Authorization:

Must be able to verify identity and employment eligibility to work in the U.S. This position does not offer visa sponsorship.

Other Duties:

This job profile is not intended to be an all-inclusive list of job duties and responsibilities as one may perform additional related duties as assigned in order to meet the needs of the organization.

Physical Demands:

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential functions. Must be able to lift up to ten pounds. Primary functions require sufficient physical ability and mobility to work in an office setting; to stand or sit for prolonged periods of time; to occasionally stoop bend kneel crouch reach and twist; to lift carry push and/or pull light to moderate amounts of weight; to operate office equipment requiring repetitive hand movement and fine coordination including use of a keyboard; and to verbally communicate to exchange information. VISION: See in the normal visual range with or without correction. HEARING: Hear in the normal audio range with or without correction.

Pay Transparency Disclosure: If based in New American Fundings offices this role has the annual base salary range stated below.

Job level and actual compensation will be decided based on factors including but not limited to individual qualifications objectively assessed during the interview process (including skills and prior relevant experience potential impact and scope of role) market demands and specific work location. The listed range is a guideline and the range for this role may be modified. For roles that are available to be filled remotely the pay range is localized according to employee work location by a factor of between 80% and 100% of range. Please discuss your specific work location with your recruiter for more information.

New American Funding offers competitive package of additional benefits including health dental & vision retirement with company contribution parental leave mental health & wellness benefits and generous PTO. New American Funding also offers sales incentive pay for most sales roles and an annual bonus plan for eligible non-sales roles. New American Fundings compensation and benefits are subject to change and may be modified in the future.

EOE/M/F/D/V. Drug-free workplace.

#LI-JS3