GRC Analyst / Multi-Tenant Access Control & Role Governance Analyst
Role: GRC Analyst / Multi-Tenant Access Control & Role Governance Analyst Location: Remote – (EST support) Job Type : C2C or W2 Role Overview: The Multi‑Tenant Access Control & Role Governance Analyst will play a critical role within the Governance, Risk, and Compliance (GRC) organization, supporting Organization’s transformation from a single‑tenant to a secure, compliant, multi‑tenant platform. This role will focus on strengthening SOX compliance, defining and governing Role‑Based Access Control (RBAC), and establishing scalable access governance processes that enable secure growth while maintaining business agility.
Key Responsibilities
- Lead the evolution of access control from a single‑tenant to a multi‑tenant architecture, ensuring security and compliance are built in by design.
- Drive remediation of SOX compliance gaps related to access control and role governance.
- Serve as a primary contributor to the
Role Discovery and Governance Program , including analysis, documentation, and rationalization of 200+ existing roles.
- Collaborate with GRC, Security, Engineering, and Product teams to design and maintain a centralized
Role Catalog as a single source of truth.
- Document business purpose, ownership, access usage, and entitlement consumption for each role to eliminate ambiguity and enable future RBAC migration.
- Design and help implement a formal governance framework covering the full role lifecycle (creation, modification, review, deprecation).
- Analyze the current role landscape to identify opportunities for role simplification, consolidation, and retirement of redundant or inactive roles.
- Partner with business process owners and engineering teams to embed compliant access controls into system and process design.
- Support internal and external audits, including SOX audits, control testing, evidence collection, and remediation of findings.
- Act as a trusted advisor on IAM, role governance, and access risk in a fast‑scaling SaaS environment.
Required Skills & Experience
- 3–5 years of experience in Information Security, GRC, or IAM roles.
- Strong hands‑on experience with
Identity and Access Management (IAM) and Role‑Based Access Control (RBAC) .
- Direct, demonstrated experience supporting
SOX compliance , audit readiness, and control remediation.
- Experience analyzing and documenting access models, roles, and entitlements across complex platforms.
- Ability to communicate complex security and risk concepts clearly to both technical and non‑technical stakeholders.
- Proven track record of cross‑functional collaboration with Engineering, Product, Security, and business teams.
- Strong analytical and investigative skills with the ability to identify root causes and drive remediation plans.
- Ability to balance security, compliance, and business needs with a pragmatic, solution‑oriented mindset.
Nice‑to‑Have Skills
- Experience working in
SaaS or multi‑tenant platform environments .
- Familiarity with governance and control frameworks such as
NIST, COSO, or ISO 27001 .
- Prior experience building or migrating to a centralized RBAC or IGA solution.
- Exposure to cloud platforms, modern application architectures, or security tooling.
- Experience supporting regulated or publicly traded companies.
Impact & Value
- Strengthen Organization’s SOX compliance posture and audit readiness during a critical platform transformation.
- Enable secure, scalable, and compliant access control for a growing multi‑tenant environment.
- Reduce access risk and operational complexity through improved role clarity, governance, and standardization.
- Build a strong foundation for future RBAC and identity governance initiatives.
- Directly contribute to customer trust, regulatory confidence, and long‑term platform resilience.
Apply tot his job Apply To this Job