Lead GRC Analyst (ITSecurity)

Austin TX


Job Location:

Manor, PA - USA

Monthly Salary: Not Disclosed
Posted on: 7 hours ago
Vacancies: 1 Vacancy

Job Summary

Join UCTand be part ofthe fastest-growing sector in the world! We indirectly touch every semiconductor chip that goes into every smartphone smartcarand device that uses artificial intelligence.âThis is a critical time for the semiconductor industry and for UCT - as technology evolves we evolve with it. UCT is a diverse workplace where every talented employee is committed to continuous innovation challenging the status quo and exceeding customer expectations. If you are a person with a relentless drive to succeed a strong focus on quality with a passion for success join us today!â

UCTis looking for a talented Analyst III IT Infosecto join us inAustin TX!ââ

Analyst III IT Information Security is a contributor responsible for strengthening the organizations security posture through analysis detection incident response and security program development. This role blends technical expertise with strategic thinking ensuring that security controls policies and processes effectively protect systems data and users across the enterprise.

Role Overview

  • The UCT GRC Specialist will support the design execution and maturity of UCTs IT governance risk and compliance program. This role is responsible for coordinating IT risk management activities supporting control design and testing maintaining audit-ready evidence and partnering with IT Security Legal Finance HR Operations and business stakeholders to embed compliance into day-to-day processes.
  • The role will help maintain a structured GRC program aligned with applicable regulatory requirements SOX obligations cybersecurity frameworks internal policies and UCTs risk appetite. The specialist will also support continuous improvement initiatives including automation workflow optimization reporting and development of playbooks and self-service resources.

Third-Party Risk Management & Vendor Governance

  • Support the vendor and cloud service provider risk review process including intake security questionnaire review SOC 2 report review architecture and access considerations contract support risk documentation and stakeholder follow-up.
  • Evaluate vendor security posture in coordination with technical subject matter experts and document risks compensating controls remediation commitments and risk acceptance decisions where applicable.
  • Maintain vendor risk records and support reporting on third-party risk themes overdue remediation items and exceptions that require management awareness.

Compliance Automation Reporting & Continuous Improvement

  • Administer optimize and support GRC and compliance automation platforms to improve workflow efficiency reduce manual effort and strengthen reporting consistency.
  • Develop and maintain compliance metrics dashboards process trackers and executive reports to communicate program status control performance audit readiness and remediation progress.
  • Identify opportunities to streamline recurring compliance activities standardize evidence collection automate reminders and improve stakeholder visibility into open tasks and deadlines.

Risk Register Stewardship

  • Establish maintain and mature the Enterprise IT Risk Register including risk identification categorization likelihood and impact scoring ownership assignment risk response and status tracking.
  • Partner with risk owners to develop and monitor risk treatment plans track remediation progress and escalate high or critical risks when timelines ownership or mitigation plans require leadership attention.
  • Develop and present risk dashboards compliance metrics and executive-ready reports that provide leadership with a clear view of UCTs IT risk environment control gaps remediation status and program maturity.

Framework Implementation Control Design & Gap Analysis

  • Support the scoping design and maturity of UCTs IT compliance program by mapping IT controls to applicable frameworks and requirements including SOX ITGC expectations CIS NIST CSF ISO 27001 SOC 2 and other relevant regulatory or customer obligations.
  • Perform control gap analyses document findings assess control maturity and develop remediation roadmaps in partnership with control owners system owners and process owners.
  • Design document and improve internal controls and common control frameworks to support evolving compliance requirements reduce duplication and improve consistency across applications infrastructure and business processes.

Site Walkthroughs & Operational Assessments

  • Plan coordinate and perform site walkthroughs to evaluate local IT operations physical and logical access practices change management procedures backup and recovery processes asset management and compliance with established IT policies and control requirements.
  • Partner with site IT teams business process owners and control owners to understand local procedures validate control operation identify process gaps and confirm that documented practices align with actual operating activities.
  • Document walkthrough observations risks control gaps evidence requirements and remediation actions in a clear and audit-ready format.
  • Track site walkthrough findings through remediation escalate significant issues where appropriate and summarize recurring themes for leadership reporting and broader control improvement initiatives.

Policy SOP & Governance Support

  • Draft maintain and periodically review IT policies standards procedures and control documentation to ensure alignment with regulatory requirements internal governance expectations and operational practices.
  • Manage the policy and SOP lifecycle including drafting stakeholder review approval routing publication periodic recertification and evidence-based validation of operating procedures.
  • Develop training materials playbooks and self-service resources that help IT and business teams understand compliance expectations and meet requirements efficiently.

Control Testing Evidence Collection & Audit Readiness

  • Lead or support control design walkthroughs and tests of operating effectiveness including evidence collection effectiveness validation exception identification remediation tracking and continuous improvement.
  • Prepare and support control owners and process owners for internal and external audits by reviewing people processes technologies key configurations and supporting evidence for completeness and audit readiness.
  • Build and maintain a centralized evidence repository to ensure change control records access reviews control attestations remediation artifacts and other compliance documentation are organized current and available for audit requests.
  • Coordinate audit evidence requests across IT and business teams track completion against defined timelines and communicate status blockers and escalation needs to stakeholders.

Access Governance & User Access Reviews

  • Define maintain and support the schedule and standards for periodic user access reviews of SOX-relevant and mission-critical systems.
  • Validate completed access reviews against least privilege segregation of duties and business need requirements; document findings exceptions and evidence of review completion.
  • Track remediation of excessive inappropriate or stale access identified during reviews and support reporting to control owners system owners and leadership.

Cross-Functional Collaboration & Program Support

  • Partner with IT Security Engineering Product Legal HR Finance Operations and business stakeholders to integrate compliance requirements into processes technology changes vendor decisions and operational practices.
  • Communicate effectively with technical and non-technical stakeholders on IT risk control design remediation expectations audit requests and program reporting.
  • Manage multiple GRC initiatives simultaneously while keeping stakeholders informed maintaining schedules tracking deliverables and escalating risks to timely completion.

Program Leadership Scope

  • Support the design of the overall GRC program structure including process design tooling strategy control framework alignment operating cadence and prioritization roadmap.
  • Help establish scalable GRC policy methodology documentation and reporting standards as the function grows.
  • Represent GRC in cross-functional governance discussions and advise stakeholders on risk-based prioritization control expectations and remediation planning.
  • Provide technical direction knowledge sharing and mentoring support to additional GRC team members as the function expands.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities duties or responsibilities that are required of the employee for this job. Duties responsibilities and activities may change at any time with or without notice.

Minimum Qualifications

  • Minimum of 3 years of experience in IT governance risk compliance IT audit cybersecurity compliance IT controls third-party risk management or a related field.
  • Bachelors degree in Information Systems Information Technology Cybersecurity Computer Science Accounting Business Risk Management or a related field or equivalent practical experience.
  • Professional certification preferred such as CRISC CISA CISM CISSP or other relevant IT risk audit security or compliance certification.
  • Experience supporting IT risk register activities control testing evidence collection audit readiness remediation tracking compliance reporting or site walkthroughs.
  • Working knowledge of IT control frameworks and compliance requirements such as SOX ITGC CIS NIST CSF ISO 27001 SOC 2 or similar frameworks.
  • Ability to partner with IT Security business site teams vendors and control owners to document processes validate control operation identify gaps and support remediation.
  • Strong written and verbal communication skills with the ability to prepare clear documentation walkthrough notes risk summaries control summaries dashboards and stakeholder updates.
  • Strong organizational skills with the ability to manage multiple priorities track deadlines follow up on open items and support recurring compliance activities.

Ultra Clean Technology is proud to be an equal-opportunity employer. We are committed to equal employment opportunity regardless of race color national or ethnic origin age religion disability sexual orientation gender gender identity and expression marital status and any other characteristic protected under laws and regulations.


Required Experience:

IC

Join UCTand be part ofthe fastest-growing sector in the world! We indirectly touch every semiconductor chip that goes into every smartphone smartcarand device that uses artificial intelligence.âThis is a critical time for the semiconductor industry and for UCT - as technology evolves we evolve with ...

About Company

Company Logo

Ultra Clean Holdings, Inc. was founded 30 years ago in Hayward, CA. UCT is a leading developer and supplier of critical subsystems, components and parts, and ultra-high purity cleaning and analytical services primarily for the semiconductor industry. Under its Products division, UCT o ... View more

View Profile View Profile