Job Description
IT GOVERNANCE, RISK MGMT & COMPLIANCE ANALYST
Administrative | Sarasota, FL

ABOUT PRISM

PRISM is devoted to modernization and innovation within the world of technology, security, and IT enterprise solutions. We have been recognized for meeting performance requirements and exceeding customer expectations since 1994. Our culture is founded on relationships, opportunity, and success. Comprehensive benefit plans including medical, dental, vision, and 401(k), along with our people-first approach, sustain our reputation as a premier employer.

PRISM Inc. is seeking an IT GRC Analyst to support governance, cybersecurity risk, and compliance programs. You will manage policy development, risk assessments, and audit activities while collaborating with IT and Security teams to maintain a robust security posture and ensure regulatory adherence.

KEY RESPONSIBILITIES

Governance & Framework Management
- Maintain and update IT policies, standards, and procedures in alignment with industry frameworks (NIST CSF, ISO 27001, COBIT, and SOC 2).
- Document IT workflows and control activities, providing data for leadership dashboards and compliance reporting.
- Promote organizational adoption of governance and cybersecurity best practices through training support and cross-departmental collaboration.

Risk Assessment & Mitigation
- Execute IT risk assessments for internal systems, new projects, and third-party vendors.
- Manage the IT Risk Register, tracking identified vulnerabilities and ensuring mitigation actions are documented and resolved.
- Support Vendor Risk Management (VRM) by evaluating security questionnaires, SOC reports, and third-party compliance evidence.

Compliance & Audit Coordination
- Act as a key point of contact for internal and external audits, including SOX ITGC testing, cybersecurity reviews, and regulatory audits.
- Monitor and enforce adherence to regulatory requirements such as SOX, HIPAA, PCI DSS, and GDPR/CCPA.
- Perform periodic control testing to verify operating effectiveness, documenting findings and tracking remediation efforts.

IT Controls & Continuous Monitoring
- Support the maintenance of IT General Controls (ITGC), focusing on access management, change control, and data backup protocols.
- Identify control gaps and propose proactive improvements to strengthen the organization's overall security posture.
- Participate in the continuous monitoring of security controls to maintain a state of "audit readiness" at all times.

REQUIRED QUALIFICATIONS (SKILLS/EDUCATION)

Education & Experience
- Education: Bachelor's degree in IT, Cybersecurity, Business, or a related field.
- Experience: 1-3 years in IT Security, Audit, Risk Management, or Compliance (relevant internships considered).
- Technical Knowledge: Foundational understanding of IT General Controls (ITGC) and core cybersecurity concepts.

Technical Skills
- Frameworks: Familiarity with NIST CSF, ISO 27001, or SOC 2.
- Tools: Experience with GRC platforms (e.g., ServiceNow, Archer, OneTrust) is a plus.
- Audit: Prior exposure to internal/external audit activities or control testing.

Soft Skills
- Strong analytical, documentation, and organizational skills.
- Ability to interpret complex policies and regulatory requirements.
- Excellent verbal and written communication skills for cross-functional collaboration.

Preferred Certifications
- CompTIA Security+
- CISA (or CISA-knowledgeable)
- CRISC or ISO 27001 Foundations
- Any introductory Cybersecurity or Audit-related certification

PRISM is an Equal Opportunity/Affirmative Action employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, veteran status, or any other protected class.