Associate GRC Analyst

Bitsight Technologies, Inc.

Job Overview

Location

Remote Portugal

Job Type

Full-time

Full Job Description

📋 Description

• The Associate GRC Analyst plays a critical role in safeguarding Bitsight’s information assets by supporting its information security and risk management programs, ensuring compliance with internal policies and external regulatory standards while enabling secure business operations and third-party trust.
• Day-to-day responsibilities include serving as a point of contact for IT compliance inquiries, conducting vendor risk assessments during onboarding and offboarding, collaborating with Legal, Engineering, IT, and other teams to align on compliance needs, assisting in the development and maintenance of scalable compliance programs, documenting corporate policies and procedures aligned with SOC 2, ISO 27001, and NIST frameworks, preparing reports and dashboards for stakeholders on GRC initiatives, contributing to continuous monitoring programs by automating manual compliance processes, monitoring regulatory and industry trends to ensure timely policy updates, assisting in the configuration and administration of compliance automation tools, supporting audit preparation by gathering evidence and documentation, and contributing to employee security awareness and training programs.
• Bitsight is a cyber risk management leader with over a decade of innovation, trusted by over 3,000 customers and supported by more than 750 teammates across global offices in Boston, Raleigh, New York, Lisbon, Singapore, and remote locations, including Portugal; the company pioneered the cyber ratings industry in 2011 and delivers integrated solutions across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
• This role offers hands-on experience in developing and implementing compliance frameworks, opportunities to deepen expertise in GRC domains such as SOC 2, ISO 27001, GDPR, and vendor risk management, and the chance to grow professionally through cross-functional collaboration, exposure to automation tools, and involvement in audit processes—building a strong foundation for advancement in information security, risk management, or compliance careers.

🎯 Requirements

• Bachelor’s degree in Information Technology or a related field preferred
• 1-2 years of experience in GRC, IT security, risk management, or compliance roles (internships or entry-level experience acceptable)
• Familiarity with security frameworks and regulations including SOC 2, ISO 27001, NIST, GDPR, CCPA, and PCI DSS
• Experience with ticketing systems such as Zendesk, Jira Service Management, or Freshdesk for internal and external communications
• Strong interpersonal, communication, and presentation skills, including formal report writing
• Ability to thrive in a fast-paced environment while managing multiple priorities and meeting deadlines

🏖️ Benefits

• Best-in-class benefits package supporting health, wellness, and financial security
• Commitment to an inclusive culture where belonging and diversity are prioritized
• Opportunities for professional growth and skill expansion aligned with personal goals
• Remote work flexibility based in Portugal with access to a global, distributed team
• Equal opportunity employer with reasonable accommodations available for qualified individuals
• Support for ongoing learning and development in the GRC domain

Skills & Technologies

Junior

Remote

Degree Required

Ready to Apply?

Apply Externally

You will be redirected to an external site to apply.

Bitsight Technologies, Inc.

Visit Website

About Bitsight Technologies, Inc.

Bitsight Technologies provides cyber-risk ratings and security performance management software that continuously assesses the security posture of organizations worldwide. Founded in 2011 and headquartered in Boston, the company ingests billions of externally observable data points to generate objective, evidence-based risk scores. These ratings help enterprises, insurers, and government agencies benchmark vendors, underwrite cyber-insurance, prioritize remediation, and comply with regulations. The platform integrates with GRC, procurement, and third-party risk workflows, translating technical findings into business-level metrics.

View Company Profile

Get more remote jobs like this

Subscribe to the weekly newsletter for similar remote roles and curated hiring updates.

Weekly remote jobs and featured talent.

No spam. Only curated remote roles and product updates. You can unsubscribe anytime.