GRC Security Analyst

ABOUT LVT

LVT is on a mission to make the world safer and more secure through rapidly deployable security hardware that runs on our proprietary SaaS platform. Our enterprise-grade safety and security ecosystem makes it easy to secure essentially any physical environment through intelligent automation and actionable insights. As an industry leader in the IoT space, our systems are deployed in every state and adopted by Fortune 500 enterprise companies who share this vision.

ABOUT THIS ROLE 

LVT is actively seeking a highly motivated and detail-oriented Security Analyst (GRC) to join our growing Information Security team. This role will report directly to the GRC Manager. This position is designed for an individual eager to delve deeply into the operational aspects of Governance, Risk, and Compliance, directly supporting LVT’s steadfast commitment to security excellence and regulatory adherence as the business continues its innovative scaling.

LVT values managing risk in alignment with our customer’s and stakeholder’s expected levels.   We design, implement,  and monitor controls that reduce real risk.  The Security Analyst (GRC) will play an instrumental role in driving key operational GRC initiatives. The primary focus of this hands-on position will be the end-to-end management of LVT’s SOC 2 audit processes, initiating third-party risk assessments, actively contributing to the policy review and approval lifecycle, and documenting and treating risks in our risk register. 

RESPONSIBILITIES

• Coordinate and support the annual SOC 2 audit as the primary liaison and facilitator for external auditors. 
• Manage, monitor, and make appropriate changes to SOC 2 controls.
• Facilitate effective communication and coordination with internal SOC 2 control owners. 
• Proactively assist in identifying, analyzing, and resolving audit concerns or control deficiencies, proposing initial remediation steps. 
• Document audit outcomes, lessons learned, and recommended improvements post-audit. 
• Oversee ongoing control testing, including evidence collection and documentation.
• Responsible for routine monitoring and continuous compliance activities to ensure the overall effectiveness of the GRC Program.
• Identify, scope, and implement routine GRC controls.
• Initiate and conduct third party risk assessments by gathering and analyzing vendor documentation, security controls, and other relevant information to identify potential risks. 
• Contribute to and review LVT’s security policies, submitting them for approval, and ensuring alignment with organizational standards.
• Maintaining and updating the risk register ensures accurate and timely recording of identified risks and their mitigation statuses.
• Demonstrate increasing autonomy in resolving defined issues.
• Maintain, monitor, and continuously improve GRC documentation, processes, and tools to ensure accuracy, accessibility, compliance with internal controls, and overall program effectiveness—while supporting scalability and efficiency as the company grows.

QUALIFICATIONS

• 2 - 4 years of experience with Information Security, GRC or IT Audit roles, demonstrating a growing understanding of GRC concepts and methodologies. 
• Experience with developing and implementing policies and procedures, assessing and prioritizing risks, and maturing security compliance programs.
• Practical experience with SOC 2 audit processes is essential, including proficiency in control testing, evidence collection, and internal coordination. 
• Familiarity with NIST frameworks (e.g., CSF 2.0, SP 800-53).
• Familiarity with conducting third-party risk assessments processes and methodologies.
• A foundational understanding of business operations and how security controls impact business functions.
• Strong writing skills for tasks such as policy review and approval, developing risk treatment plans, and creating audit documentation and responses for external auditors.
• Strong organizational skills and attention to detail for managing documentation, audit evidence, and maintaining accurate GRC records.
• Experience working with GRC platforms (e.g., Drata, Vanta, ZenGRC) and project management tools (e.g., Jira, Asana) is a plus.
• Effective written and verbal communication skills are necessary for successful collaboration with internal stakeholders and external parties. 
• Ability to translate complex technical information into clear, concise, and non-technical language for various audiences, from engineers to executive leadership.
• Familiarity with leveraging and applying AI tools and technologies to automate routine GRC tasks and improve program efficiency.
• A Bachelor's degree in Information Security, Computer Science, Information Technology, Business, or a related field, or equivalent practical experience, is preferred. 
• Relevant professional certifications such as CompTIA Security+, CISA, or CRISC are highly desirable.