The Governance, Risk, and Compliance (GRC) IT Analyst is responsible for ensuring the cooperative's information technology systems adhere to regulatory requirements, industry standards, and internal policies. This role focuses on maintaining compliance with NERC CIP standards, mitigating cybersecurity risks, implementing Zero Trust principles, and supporting governance frameworks to protect critical infrastructure. The GRC IT Analyst collaborates with IT, security, legal, and operational teams to develop policies, perform risk assessments, oversee audits, and strengthen internal controls.

Essential Duties and Responsibilities:

Governance & Compliance
- Ensure IT and cybersecurity programs comply with NERC CIP, FERC, and other relevant regulations.
- Develop, implement, and maintain IT governance frameworks, policies, and procedures aligned with regulatory requirements.
- Serve as a key resource in internal and external audits, coordinating responses, evidence collection, and remediation efforts.
- Stay updated on regulatory changes and industry best practices, advising management on necessary adjustments.
- Assist in training employees on compliance responsibilities and security awareness.

Risk Management & Internal Control Reviews
- Conduct IT risk assessments to identify and evaluate vulnerabilities in IT systems and processes.
- Perform internal control reviews to assess the effectiveness of IT security controls, access management, and compliance measures.
- Maintain the cooperative’s IT Risk Register and track mitigation strategies.
- Work with IT and security teams to implement risk management strategies and security controls.
- Support incident response planning and contribute to post-incident investigations.

Zero Trust Implementation & Security Control Assurance
- Lead initiatives to design and implement a Zero Trust Architecture (ZTA) for the cooperative’s IT environment.
- Establish least privilege access controls, identity verification measures, and micro-segmentation strategies.
- Collaborate with IT and networking teams to enforce continuous monitoring and authentication policies.
- Ensure Zero Trust principles align with NERC CIP compliance requirements and cybersecurity best practices.
- Monitor IT controls and security frameworks (e.g., NIST CSF, CIS Controls).
- Evaluate third-party vendors for compliance with cybersecurity and regulatory requirements.
- Perform security assessments of IT systems, applications, and network infrastructure.
- Participate in business continuity and disaster recovery planning.

Collaboration & Reporting
- Generate reports on compliance status, risk assessments, and security metrics for leadership and regulators.
- Work closely with IT, operations, and legal teams to ensure alignment between business objectives and compliance requirements.
- Serve as a liaison between the cooperative and regulatory bodies during audits and compliance reviews.

Job Details
ID | #54080147 |
State | Indiana |
City | Indianapolis |
Job type | Full-time |
Salary | USD TBD TBD |
Source | Wabash Valley Power Alliance |
Showed | 2025-06-27 |
Date | 2025-06-27 |
Deadline | 2025-08-26 |
Category | Et cetera |
Governance, Risk, and Compliance (GRC) IT Analyst
Indiana, Indianapolis, 46201 Indianapolis USA