Associate GRC Analyst

Country: USA

State: Michigan

City: Grand Rapids

Office Location: 901 44th Street SE - - - - -

Date posted: 12-Aug-2025

Business Function: Information Technology

Position Type: Full-Time/Regular

• Responsible for developing and executing security governance, risk, compliance, and privacy programs.
• Ensure that Steelcase meets its regulatory and customer compliance obligations, address security risks, support our information security programs, and foster a culture of security throughout the enterprise.
• Maintain policies, procedures, and standards for the organization, ensuring they are up to date, communicated, and accessible.
• Develop and maintain risk and compliance reports, dashboards, and metrics to effectively communicate organizational risk posture to stakeholders.
• Perform risk assessments and gather information for new technologies, in preparation for security control development.
• Coordinate with control owners and technical teams to implement controls. Identify deficiencies and track remediation progress.
• Continuously assess and improve the effectiveness, adequacy, and efficiency of controls and compliance monitoring and reporting.
• Conduct risk reviews and assessments of third parties and Steelcase affiliated organizations including dealers, suppliers, and acquisitions.
• Proactively identify and report vulnerabilities in technical infrastructure. Conduct continuous monitoring and drive risk resolution.
• Assess the capabilities of the organization to detect and respond to security events. Participate in, and document, incident response and tabletop activities to include post-incident remediation tracking.
• Ensure compliance with internal and external policies, controls, and regulations.
• Coordinate responses to internal and external audits ensuring timely resolution of compliance issues.
• Maintain awareness of changes in compliance standards, regulations, and industry best practices. Communicate impacts to relevant stakeholders.
• Promote security culture through training, testing, and security awareness communications and campaigns. Administer relevant technologies.
• Track training completion and effectiveness metrics.
• Other duties as assigned.

• Bachelor's degree in Computer Science, Information Security, Business, or a GRC-related field preferred.
• 1+ years of experience in an IT, security, GRC, audit, or similar role preferred.
• Basic knowledge of cybersecurity principles and frameworks.
• Strong project management skills, with the ability to lead and execute multiple cross-functional initiatives.

• Familiarity with security frameworks and compliance regulations such as NIST, ISO27001, COBIT, SOX, HIPAA, SOC2, PCI-DSS, CMMC is highly desired.
• Proven experience conducting risk assessments, managing compliance audits, and implementing GRC solutions highly desired.
• Experience with scripting automation, query languages, GRC platforms, and/or technical infrastructure knowledge highly desired.
• A passionate and pragmatic approach to GRC, delivering beyond "check the box" audit activities to maintain a strong security posture.
• Experience with vulnerability management tools and techniques is a strong plus.
• Experience developing training materials for large and diverse audiences in a corporate enterprise environment highly desired.
• Highly desired: Pursuing or having achieved relevant industry recognized certifications (e.g. CISA, CRISC, CISSP, Security+)

• Nurse and massage therapist onsite for employees
• Cell phone reimbursement monthly
• Employee assistance program, providing free counseling, financial resilience, and legal guidance
• Ongoing learning through Linkedin Learning