GRC Analyst (Remote - LATAM) at Atmosera | Torre

GRC Analyst (Remote - LATAM)

You'll elevate client security and operational trust by ensuring regulatory alignment and audit readiness.
Freelance
Recurrent
Provide your expected compensation while applying
Remote (for Mexico residents)
Remote (for Argentina residents)
Remote (for Colombia residents)
Shared by
Emma of Torre.ai
12 days ago

Requirements and responsibilities


Atmosera empowers businesses to redefine what's possible with modern technology and human expertise. Our exceptional experience across Applications, Data & AI, DevOps, Security, and the Microsoft Azure platform enables organizations to accelerate innovation, enhance security, and optimize operational agility. As a Microsoft Partner with seven specializations, GitHub AI Partner of the Year, a member of the GitHub Advisory Board, and a member of the prestigious Microsoft Intelligent Security Association (MISA), Atmosera expertly delivers cutting-edge, integrated solutions that deliver business value.

The GRC Analyst delivers day-to-day Governance, Risk, and Compliance (GRC) services as part of Atmosera’s Managed GRC (MGRC) offering. This role focuses on operational execution, coordination, and reporting across compliance, security assurance, and governance activities to help clients achieve and maintain regulatory alignment, security maturity, and operational trust.

The selected candidate will be responsible for client audits, evidence gathering, managing compliance tools, supporting security questionnaires, monitoring security controls, facilitating regulatory alignment, and overseeing ongoing governance activities throughout the Atmosera client portfolio.

The GRC Analyst operates within defined service hours (Monday–Friday, 8am–5pm PT) and works closely with Client Success Managers, security engineers, and subject-matter experts. This role does not perform executive security leadership, risk ownership, or vCISO decision-making responsibilities.

Core Responsibilities

Cloud Governance & Compliance Operations
- Validate that client environments meet MGRC baselines and support ongoing security policy alignment to:
  - Microsoft Cloud Security Benchmark (MCSB)
  - NIST frameworks (NIST SP 800-171, NIST SP 800-53, etc.)
  - HIPAA (where applicable)
  - FedRAMP
  - CMMC 3.0
  - ISO 27001-2022
  - GDPR
- Assist with governance documentation updates and maintenance
- Support compliance tracking and evidence organization
- Provide consultative guidance on compliance and security-related questions by coordinating access to Atmosera cybersecurity experts
- Monitor security posture through Defender for Cloud and Azure Policy compliance recommendations
- Track misconfigurations, policy drifts, and high impact findings for remediation.

Security Questionnaires
- Assist with basic security questionnaires using Atmosera’s standard response library
- Provide standardized responses through coordination with the Account Management or Client Success team
- Support optional full Security Questionnaire Management services when contracted, including:
  - Intake and tracking
  - Drafting and coordination of responses
  - Supporting documentation preparation

Audit & Assurance Support
- Participate directly in client audits (SOC 2, HIPAA, PCI where applicable)
- Support ongoing audit readiness and management activities when included in scope, including:
  - Evidence gathering and organization
  - Audit request tracking
  - Coordination with internal teams and external auditors
- Ensure ongoing audit readiness for clients enrolled in MGRC that is consistent with MGRC service definitions in shared documentation
- Maintain audit readiness documentation throughout the year
- Maintain audit request trackers and coordinate responses with internal SMEs.
- Support project management activities related to compliance audits (e.g., SOC 2)

Security Operations Governance Support
- Ensure proper documentation to support compliance with client governance requirements and client specific requirements
- Take ownership of monthly and quarterly MGRC reporting
- Assist with the development and maintenance of custom response playbooks for:
  - Azure Sentinel SOAR (Security Orchestration, Automation, and Response)
- Support governance oversight of:
  - CyberSOC reporting with enhanced security insights
  - Actionable threat intelligence reporting
  - Proactive threat hunting outputs
- Ensure governance artifacts align with managed detection and response activities

Security Readiness & Preparedness Activities
- Coordinate and support:
  - Monthly phishing simulation preparedness activities
  - Yearly tabletop exercise planning and execution support
  - Bi-annual penetration testing preparedness and coordination
- Track outcomes, findings, and remediation activities for readiness exercises

Attack Surface & Security Posture Management
- Support Attack Surface Management activities, including:
  - Continuous discovery and monitoring of exposed assets
  - Documentation of digital attack surface insights
- Assist with security posture tracking and compliance reporting for:
  - Executives
  - Auditors
  - Internal stakeholders

Monthly Server vulnerability Scanning
- Design and implement workflows that improve the service
- Track findings, prepare client-facing reports, and coordinate remediation with security engineers

Penetration Test Coordination
- Serve as the primary coordinator for client penetration testing engagements
- Manage scheduling, scope alignment, retesting cycles, evidence handoff and management of the relationship with penetration testing teams.
- Maintain communication and set expectations with organizations being tested

Cloud Governance Support
- Support Azure Policy implementation and monitoring using advanced governance features
- Assist with ensuring Azure resources and configurations remain compliant with defined security baselines
- Track and report service misconfigurations, compliance drift and remediation status
- Monitor security posture through Defender for Cloud and Azure Policy compliance results
- Validate that client environments meet MGRC baselines, Microsoft Cloud Security Benchmarks, and any additional client-specific compliance requirements supported by Azure

Collaboration & Service Delivery
- Work closely with:
  - Client Success Managers
  - Security Analysts and Engineers
  - CyberSOC teams
  - Account Management representatives
- Escalate issues, risks, or scope concerns to appropriate senior resources
- Operate within defined MGRC service boundaries and SLAs

Purview Compliance Manager Administration
- Own and manage Purview Compliance Manager for all subscribed MGRC clients.
- Track regulatory control posture, improvement actions, and evidence assignments.
- Guide clients through remediation and maintain year-round compliance readiness.
- Partner with engineering teams on policy and control mappings (Azure Policy, Defender for Cloud) that support compliance scoring as discussed in internal service map documentation.

Required Skills & Experience
- 2+ years of experience in GRC, IT risk, compliance, or security operations support
- Hands-on experience with Microsoft Purview Compliance Manager, including control mapping, evidence tasks, and regulatory templates
- Familiarity with Defender for Cloud, including secure score, recommendations, and compliance dashboards
- Working experience with Azure Policy concepts including assignments, compliance scanning and configuring and remediation tasks
- Familiarity with:
  - NIST frameworks
  - SOC 2 concepts
  - CIS Controls
  - HIPAA compliance
- Experience supporting audits, questionnaires, or compliance programs
- Strong documentation, evidence collection, and organizational skills
- Ability to manage multiple client workstreams simultaneously
- Strong public speaking and presentation skills using Microsoft PowerPoint
- SC-900 Microsoft Certified: Security, Compliance, and Identity Fundamentals – within 90 days of hire

Preferred Skills & Experience
- Prior experience in managed services or MSSP environment
- Experience coordinating penetration tests or annual security testing cycles
- Ability to translate technical findings into clear business-oriented summaries
- Familiarity with Entra ID, Azure RBAC, Conditional Access, and cloud governance fundamentals
- Comfort working with security engineering teams and client facing roles

Certifications (any of the following)
- SC-100 (Microsoft Certified: Cybersecurity Architect Expert)
- ISC2 CISSP (Certified Information Systems Security Professional)
- ISC2 CGRC (Certified Governance, Risk and Compliance)
- GRCP (GRC Professional)
- CRISC (Certified in Risk and Information Systems Control)
- CISA (Certified Information Systems Auditor)
- CISM (Certified Information Security Manager)

Success Indicators

The analyst will be successful when they:
- Maintain predictable, well organized evidence pipelines for client audits
- Keep Purview Compliance Manager workstreams accurate and up to date across all MGRC clients
- Deliver clear and reliable monthly vulnerability and governance reports
- Maintain consistent alignment to MGRC service definitions as structured by Jorge and reflected in the MGRC Analyst role materials
- Reduce client audit friction and improve audit pass rates

We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses and identifying potential inconsistencies or verification signals in application materials based on available information. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.