Governance Risk & Compliance (GRC) Analyst II (Entry Level)

San Antonio, TX, United States

Applications have closed

Company Description

Vericast is a premier marketing solutions company that accelerates profitable revenue growth for the 70,000 businesses it serves directly by influencing consumer purchasing and transaction behavior at scale while engaging with over 120 million households daily.  We are recognized as leading providers of incentives, advertising, marketing services, transaction solutions, customer data and cross-channel campaign management, and intelligent media delivery that create millions of customer touch points annually for their clients.  For more information, visit or follow Vericast on LinkedIn.

Job Description

Vericast is looking for a GRC Analyst II to join our growing Security Compliance Team! The Governance, Risk, and Compliance (GRC) Analyst is responsible for documenting, assessing, and supporting Vericast’s compliance and risk management processes as they relate to the management, security, and protection of our information assets and systems. Working as part of the Compliance Center of Excellence (CCoE) in the Information Security and Privacy Group (ISPG), this position provides proficiency in the areas of audit, technology, security, and privacy to support regulatory, contractual, and industry requirements.

The GRC Analyst will help ensure technology, security, and privacy requirements are met across the enterprise. These requirements include documenting and tracking both technical and policy-based control compliance; supporting ISPG business processes; and assisting CCoE leadership and SMEs in client and third-party security audits such as Service Organization Control Reporting (SOC 1 and SOC 2), Payment Card Industry Data Security Standard (PCI DSS), and industry assessments such as TruSight and SIG surveys.

This position requires basic familiarity and experience with information technology and security concepts and practices, including program governance, control alignment activities, and compliance audits. This position will support and collaborate with CCoE team members and subject matter experts (SMEs) across functional areas to help meet CCoE, ISPG, and Vericast objectives.


  • Support client compliance audits/assessments (annual audits and due diligence requests for information), Internal Audit, and external auditors (SOC 1, SOC 2, PCI DSS, FSA, etc.). 
  • Contribute to ISPG initiatives and processes including vendor risk management, IT security reviews and implementations, data governance, and security training and awareness programs. 
  • Actively learn and grow SME specific skills and experience in one or more targeted data protection areas (IT compliance, information security, privacy, etc.) to support overarching CCoE objectives. 
  • Support and contribute to CCoE compliance activities and initiatives, including continuous monitoring activities supporting critical security and data protection processes. 
  • Collaborate with and support other ISPG teams, including Security Operations and Privacy, to understand and improve existing controls, technologies, and processes across the Compliance team and the company. 


Bachelor’s degree or higher in Computer Science, Management Information Systems, Information Science, or a related discipline.


  • Minimum 1-2 years of experience in audit or operations with a focus on compliance of IT, security, and/or privacy programs and controls against industry and/or regulatory standards
  • Knowledge and skills relating to data protection (IT, security, privacy) concepts, technologies, and current trends and practices
  • Experience supporting compliance audits and assessments
  • Experience documenting and supporting the design and implementation of compliance, security, and/or privacy programs, policies, and controls
  • Desire to continuously improve processes and share information with the team
  • Ability to work across different teams and technologies to develop or improve common compliance processes for a robust data protection culture


  • An existing certification in a relevant area (ISC2, ISACA, IAPP, or equivalent programs) is a plus, or willingness to pursue certification within the first year
  • For recent college graduates, evidence of relevant course work, projects, or internships in specific areas is also acceptable


  • Exceptional personal and professional integrity and work ethic
  • Ability to work across diverse teams and skillsets, including technical and non-technical stakeholders, and mentor and advise those with limited security or compliance knowledge
  • Willingness to take on new challenges, manage expectations, and provide feedback both up, down, and sideways
  • Results oriented, willing to commit to goals and drive to completion
  • Ability to manage conflicting priorities and challenges for mutual success


  • Exceptional communication skills, both written and verbal
  • Ability to manage senior relationships across all the business and functional areas
  • Ability to navigate through varying company levels across business and functional areas
  • Ability to cultivate cooperative and constructive working relationships
  • Ability to handle complaints, settle disputes, resolve conflicts, and negotiate with others
  • Collaborative team player oriented towards work relationships and strong culture awareness
  • Proficient in writing and presenting evidence-based reports to communicate progress, identify challenge areas, and drive continuous improvement


  • Priority setting and alignment of project priorities with business strategy
  • Ability to break down complex problems and projects into manageable goals
  • Proficiency in evaluating and implementing automated solutions for complex processes
  • Effective in building trust, respect, and cooperation among teams


This is a security sensitive position. Employee will have access to and/or manage data and other information of a critical and sensitive nature relative to Vericast and its business segments, partner organizations, and/or its clients. Accordingly, the risk associated with the functions of the position requires a more intensive background review.

Supervisory Responsibilities:

Position requires no supervisory experience.

Additional Information

Salary: $70,000/year

The ultimate compensation offered for the position will depend upon several factors such as skill level, cost of living, experience, and responsibilities.

Vericast offers a generous total rewards benefits package that includes medical, dental and vision coverage and generous PTO allowance. A wide variety of additional benefits like life insurance, employee assistance and pet insurance are also available, not to mention smart and friendly coworkers!

At Vericast, we don’t just accept differences - we celebrate them, we support them, and we thrive on them for the benefit of our employees, our clients, and our community. As an Equal Opportunity employer, Vericast considers applicants for all positions without regard to race, color, creed, religion, national origin or ancestry, sex, sexual orientation, gender identity, age, disability, genetic information, veteran status, or any other classifications protected by law. Applicants who have disabilities may request that accommodations be made in order to complete the selection process by contacting our Talent Acquisition team at EEO is the law. To review your rights under Equal Employment Opportunity please visit:



Tags: Audits Compliance Computer Science Governance ISACA Monitoring PCI DSS Privacy Risk management SOC SOC 1 SOC 2 Strategy

Perks/benefits: Career development Health care Insurance Team events

Regions: Remote/Anywhere North America
Country: United States
Job stats:  340  88  2

Explore more InfoSec/Cybersecurity career opportunities

Find open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Analysis, Cryptography, Digital Forensics and Cyber Security in general, filtered by job title or popular skill, toolset and products used.