Security Governance, Risk, and Compliance (GRC) Analyst
ABOUT THE JOB
The ACLU seeks applicants for the full-time position of Security Governance, Risk, and Compliance (GRC) Analyst in the Information Security Department of the ACLU’s National office in New York, NY. This is a hybrid role that has in-office requirements of two (2) days per week or eight (8) days per month.
The ACLU’s Information Security Department works to protect the confidentiality, integrity, and availability of the ACLU’s digital systems, data, and communications. We collaborate across departments and affiliates to defend against cybersecurity threats, reduce risk, and foster a culture of security awareness. Our mission is to ensure that the ACLU can continue its critical work safeguarding rights and liberties, without compromise, in an increasingly complex and hostile digital landscape.
WHAT YOU'LL DO
This role is a unique opportunity to develop foundational skills in cybersecurity governance, risk management, and compliance. Reporting directly to the Chief Information Security Officer (CISO) and working closely with the GRC colleagues, the GRC Analyst will assist in conducting risk assessments, maintaining compliance standards, and supporting our security policies. This role is ideal for candidates looking to launch their careers in cybersecurity and contribute to a mission-driven organization.
YOUR DAY TO DAY
- Conduct risk assessments to identify security risks and support the organization’s risk management strategy
- Maintain the security Risk Register by documenting and updating identified risks, treatment plans, and progress
- Collaborate with cross-functional teams to track risk treatment initiatives and ensure they align with organizational goals
- Drive the creation, review, and continuous improvement of security policies, standards, and procedures, ensuring alignment with industry frameworks (e.g., NIST, ISO 27001), compliance requirements, and emerging best practices
- Work with team members to ensure that policies are documented, organized, and easily accessible to stakeholders across the organization
- Conduct vendor risk assessments to evaluate third-party security practices, documenting findings and follow-up actions
- Monitor compliance and risks associated with third-party vendors, partners, and affiliates under the guidance of the CISO
- Support privacy and data protection compliance efforts, including PCI requirements and data lifecycle management
- Work closely with Legal and Privacy teams to understand regulatory requirements and apply them to ACLU data practices
- Compile security metrics and assist in preparing reports and dashboards that reflect the organization’s security posture
- Support the team in gathering data for metrics on risk management, audit findings, and policy compliance
- Coordinate audit preparations and tracking audit findings, helping the team with remediation follow-up as needed
- Collaborate with affiliate teams to support security standards and promote security awareness across the organization
FUTURE ACLU'ERS WILL
- Be committed to advancing the mission of the ACLU
- Center and embed the principles of equity, inclusion and belonging in their work by demonstrating commitment to diversity with an approach that respects and values multiple perspectives
- Be committed to work collaboratively and respectfully toward resolving obstacles and conflicts
WHAT YOU'LL BRING
Joining the ACLU as a Security GRC Analyst offers the chance to pursue a meaningful career in cybersecurity while contributing to a mission that protects civil liberties. You’ll bring project management experience and will gain hands-on experience in security governance and compliance and be part of a supportive team that values learning and growth. If you’re eager to develop your security skills and make a difference, we encourage you to apply!
- Basic understanding of cybersecurity principles and interest in governance, risk management, and compliance
- Willingness to learn and work with GRC tools, risk assessment methods, and security metrics
- Familiarity with common security frameworks (e.g., NIST, CIS) is helpful but not required
- Project management or IT project and program management experience
- Internships, coursework, or projects in cybersecurity, risk management, or compliance are a plus but not required
- Detail-oriented with strong organizational skills and a proactive approach to learning
- Good communication and interpersonal skills to work effectively with team members and cross-functional teams
- Ability to prioritize tasks and manage time effectively in a supportive, collaborative environment
COMPENSATION
WHY THE ACLU
For over 100 years, the ACLU has worked to defend and preserve the individual rights and liberties guaranteed by the Constitution and laws of the United States. Whether it’s ending mass incarceration, achieving full equality for the LGBTQ+ community, establishing new privacy protections for our digital age, or preserving the right to vote or the right to have an abortion, the ACLU takes up the toughest civil liberties cases and issues to defend all people.
We know that great people make a great organization. We value our people and know that what we offer is essential not just their work, but to their overall well-being.
At the ACLU, we offer a broad range of benefits, which include:
- Time away to focus on the things that matter with a generous paid time-off policy
- Focus on your well-being with comprehensive healthcare benefits (including medical, dental and vision coverage, parental leave, gender affirming care & fertility treatment)
- Plan for your retirement with 401k plan and employer match
- We support employee growth and development through annual professional development funds, internal professional development programs and workshops
OUR COMMITMENT TO ACCESSIBILITY, EQUITY, DIVERSITY & INCLUSION
Accessibility, equity, diversity and inclusion are core values of the ACLU and central to our work to advance liberty, equality, and justice for all. For us diversity, equity, accessibility, and inclusion are not just check-the-box activities, but a chance for us to make long-term meaningful change. We are a community committed to learning and growth, humility and grace, transparency and accountability. We believe in a collective responsibility to create a culture of belonging for all people within our organization – one that respects and embraces difference; treats everyone equitably; and empowers our colleagues to do the best work possible. We are as committed to anti-oppression, anti-ableism, and anti-racism internally as we are externally. Because whether we’re in the courts or in the office, we believe ‘We the People’ means all of us.
With this commitment in mind, we strongly encourage applications from all qualified individuals without regard to race, color, religion, gender, sexual orientation, gender identity or expression, age, national origin, marital status, citizenship, disability, veteran status and record of arrest or conviction, or any other characteristic protected by applicable law.
The ACLU is committed to providing reasonable accommodation to individuals with disabilities. If you are a qualified individual with a disability and need assistance applying online, please email benefits.hrdept@aclu.org. If you are selected for an interview, you will receive additional information regarding how to request an accommodation for the interview process.
The Department of Education has determined that employment in this position at the ACLU does not qualify for the Public Service Loan Forgiveness Program.
Apply for this job
*
indicates a required field