
Governance, Risk Management, and Compliance (GRC) Associate
SUMMARY
The Cybersecurity GRC Associate will play a key role in strengthening the security posture of a growing Alternative Investments firm. This early-career opportunity is perfect for a sharp writer, natural organizer, and clear thinker who can cut through complexity to drive real risk reduction. You’ll execute critical GRC activities, craft strong policies, translate technical requirements into practical guidance, and lead projects with minimal oversight. Highly collaborative and action-driven, you’ll work closely with internal teams and external partners to maintain security standards, assess risks, support incident readiness, and help the business move faster and smarter.
As an onsite/hybrid employee, you are expected to be in the Chicago office on Tuesdays, Wednesdays, and Thursdays.
KEY RESPONSIBILITIES
Governance
- Support the creation and maintenance of cybersecurity policies, standards, and procedures.
- Align governance practices with frameworks such as NIST CSF and CIS Controls.
- Participate in policy reviews, steering committees, and control effectiveness assessments.
- Deliver cybersecurity awareness training and track engagement metrics.
- Maintain GRC platforms for policy management, issue tracking, and reporting.
Risk Management
- Assist in identifying, assessing, and mitigating cybersecurity risks across internal operations.
- Conduct risk assessments, business impact analyses, and support remediation planning.
- Perform vendor risk reviews, including SOC report analysis and contract assessments.
- Contribute to incident response planning, DR/BC testing, and post-incident analysis.
- Help enhance and automate risk workflows using GRC tools and data.
Compliance
- Support compliance with cybersecurity laws and standards (e.g., GDPR, SOX, DORA).
- Assist with audits by gathering evidence, responding to inquiries, and tracking remediation.
- Monitor and maintain controls for data protection and compliance reporting.
- Respond to RFPs, DDQs, and client security requests with accurate information.
- Track regulatory changes and update compliance documentation as needed.
EDUCATION, SKILLS AND EXPERIENCE REQUIREMENTS
The ideal experience and critical competencies for this role include the following:
- Bachelor’s degree in Cybersecurity, Information Systems, or a related field.
- Foundational knowledge of cybersecurity, risk management, and frameworks.
- Experience in cybersecurity, IT audit, GRC, or compliance, with exposure to governance tools.
- Strong attention to detail, analytical thinking, and effective communication skills.
- Comfortable working with both technical and business teams.
- Preferred certifications: CompTIA Security+, ISC2 CC, GRCA.
OUR CULTURE
Technology, security, and risk management play a critical role at GCM Grosvenor, enabling our team members to make timely, data-driven, and risk-aware decisions in support of our clients. As stewards of $80B+ in assets, we prioritize building secure, resilient systems. Now is an exciting time to join the firm and the Alts industry as a cybersecurity and GRC leader, helping to safeguard a rapidly digitizing environment and enabling the safe adoption of transformative technologies, including AI-driven solutions.
We are not afraid to think differently. We embrace new ideas, welcome change, and believe security and compliance are enablers of innovation, not barriers. Our culture is one of empowerment, accountability, high performance, transparency, and trust. Successful team members are self-motivated, proactive risk managers who thrive in a fast-paced environment alongside thoughtful, smart colleagues. We look for natural collaborators who can cut through complexity, build trust across the organization, and turn information into meaningful, actionable outcomes that protect and strengthen the business.
Our cloud-first environment, hosted in AWS and Azure, requires a modern, agile approach to cybersecurity and risk management. As a GRC Associate, you’ll help embed security, compliance, and resilience into our technology and business processes. Working alongside engineering and business teams, you’ll support policy development, risk assessments, incident readiness, and control testing, bringing a practical, action-driven mindset to a highly collaborative, fast-paced environment.
It is expected that the annual base salary range for this Chicago-based position will be $90,000-$110,000. Actual base salary may vary based on factors such as an individual's experience, skills, and qualifications for the role. Employees may be eligible for a discretionary bonus based on factors such as individual, team, and company performance, as well as a comprehensive benefits package.
ABOUT THE FIRM
GCM Grosvenor (Nasdaq: GCMG) is a global alternative asset management solutions provider with approximately $82 billion in assets under management across private equity, infrastructure, real estate, credit, and absolute return investment strategies.
The firm has specialized in alternatives for more than 53 years and has a diverse, engaged team of approximately 550 professionals serving a global client base. We are proud to offer our employees a comprehensive benefits package focused on health and wellness, retirement planning, and diversity and inclusion. The firm is headquartered in Chicago, with offices in New York, Toronto, London, Frankfurt, Tokyo, Hong Kong, Seoul, and Sydney. For more information, visit: gcmgrosvenor.com.
EQUAL OPPORTUNITY EMPLOYER M/F/D/V