Join a team with one shared mission - to make a difference, every person, every day.
We are more than 100,000 team members strong, from all backgrounds and corners of the world, with the talent, experience and compassion that enables us to make an impact. For thousands of clients across the U.S. and in more than 20 global locations, ABM takes care of the people, spaces and places that matter most. We also take care of our team members —ensuring our company is a great place to work, and our communities are safer, healthier, and more sustainable places to be. Every team member at ABM has the opportunity to make a difference. Every day. And we cultivate a culture where our team members feel seen, heard, and valued and can grow a career and a future with us.
ABM is currently seeking a highly motivated and detail-oriented Sr. GRC Analyst to support the organization’s Governance, Risk & Compliance program and ensure alignment with regulatory requirements and industry standards such as ISO 27001, CMMC, NIST, and NYDFS. The Sr. GRC Analyst will support enterprise risk assessments, evaluate control effectiveness, identify risk exposures and control gaps, track remediation efforts, and support cross-functional teams to maintain audit readiness and compliance across the IT and Information Security environment.
Responsibilities• Maintain governance documentation, perform risk assessments, and support framework alignment across ISO 27001/27002/27005, NIST, CMMC, NYDFS, NIS2, and other applicable standards.
• Lead coordination of regulatory and certification assessments (e.g., NYDFS, ISO 27001, CMMC), including risk assessments, Statement of Applicability (SoA) updates, scope management, evidence collection, validation of control documentation, and preparation of attestation support materials.
• Serve as a point of coordination for certification, regulatory, and audit-related activities across IT and Information Security stakeholders.
• Support continuous improvement of Governance, Risk & Compliance processes and documentation standards.
• Maintain accurate records of compliance activities, findings, and remediation status.
• Support cross-functional teams in maintaining audit readiness and regulatory compliance.
• Develop and report risk and compliance metrics to leadership and support remediation tracking activities.
• Perform other duties as assigned, including support of third-party risk management assessments and ongoing vendor monitoring activities, maintenance of risk registers, remediation tracking, and response to client or external cybersecurity requests.
Education:
• Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent relevant experience.
Experience:
• 5+ years of experience in Governance, Risk & Compliance (GRC), IT Risk Management, Information Security, or IT Compliance within a regulated or enterprise environment.
• Experience supporting or coordinating regulatory and certification assessments (e.g., ISO 27001, CMMC, NYDFS, NIST).
• Experience maintaining risk registers, remediation tracking processes, and governance documentation.
• Experience coordinating audit evidence collection and supporting internal or external audit activities.
• Strong understanding of industry standards and frameworks, including ISO 27001/27002/27005, NIST, CMMC, and applicable regulatory requirements.
• Experience developing compliance metrics and reporting for leadership.
• Proficiency with GRC platforms and documentation management tools.
• Strong analytical, organizational, and documentation skills with attention to detail.
• Effective communication and interpersonal skills, with the ability to collaborate across technical and non-technical stakeholders.
• Proficiency with remote collaboration tools (e.g., MS Teams) and Microsoft 365 applications, including PowerPoint and Excel, for documentation, control tracking, and metrics reporting.
• Experience performing or supporting SOC 2 reviews is a plus.
• Experience supporting ISO certification lifecycle activities (surveillance, recertification, scope expansion).
• Experience responding to client or external cybersecurity questionnaires and compliance inquiries.
Certifications:
• One or more of the following: CISA, CISM, CISSP, or CRISC.
Similar Jobs
What you need to know about the Boston Tech Scene
Key Facts About Boston Tech
- Number of Tech Workers: 269,000; 9.4% of overall workforce (2024 CompTIA survey)
- Major Tech Employers: Thermo Fisher Scientific, Toast, Klaviyo, HubSpot, DraftKings
- Key Industries: Artificial intelligence, biotechnology, robotics, software, aerospace
- Funding Landscape: $15.7 billion in venture capital funding in 2024 (Pitchbook)
- Notable Investors: Summit Partners, Volition Capital, Bain Capital Ventures, MassVentures, Highland Capital Partners
- Research Centers and Universities: MIT, Harvard University, Boston College, Tufts University, Boston University, Northeastern University, Smithsonian Astrophysical Observatory, National Bureau of Economic Research, Broad Institute, Lowell Center for Space Science & Technology, National Emerging Infectious Diseases Laboratories


.jpg)
