Senior GRC Analyst - 26157

Description
At Enverus, we're committed to empowering the global quality of life by helping our customers make energy affordable and accessible to the world.
We are the most trusted energy-dedicated SaaS company, with a platform built to maximize value from generative AI, and our innovative solutions are reshaping the way energy is consumed and managed. By offering anytime, anywhere access to analytics and insights, we're helping our customers make better decisions that help provide communities around the world with clean, affordable energy.
The energy industry is changing fast. But we've continued to lead the way in energy technology, creating intelligent connections across the entire energy ecosystem, from renewables, power and utilities, to oil and gas and financial institutions. Our solutions create more efficient production and distribution, capital allocation, renewable energy development, investment and sourcing, and help reduce costs by automating crucial business operations. Of course, this wouldn't be possible without our people, which is why we have built a team of individuals from a diverse range of backgrounds.
We are currently seeking a GRC Analyst to join our Information Security team. This role offers the opportunity to join a rapidly growing company delivering industry-leading solutions to customers in the world's most dynamic and fastest-growing sector.
Performance Objectives

• Conduct enterprise and third-party risk assessments aligned with ISO 27001 and NIST frameworks.
• Maintain the enterprise risk register, ensuring clear ownership and timely remediation tracking.
• Support internal and external audits, including evidence collection and remediation management.
• Develop and maintain GRC policies and controls in line with SOC 2 and ISO requirements.
• Build risk reporting dashboards and communicate insights to leadership stakeholders.
• Collaborate with Engineering, Legal, and IT teams to embed risk management into operations.
• Evaluate and implement GRC tools and automation to improve scalability and efficiency.
• Apply AI-enabled solutions to enhance GRC workflows, including reporting, control testing, and vendor assessments.

Competitive Candidate Profile

• 3-5 years of experience in GRC, information security risk management, or IT audit.
• Strong knowledge of SOC 2, ISO 27001, and NIST frameworks.
• Hands-on experience with risk assessments, risk registers, and third-party risk management.
• Ability to analyse security artefacts (e.g. SOC reports, vulnerability data) and translate findings into business insights.
• Experience supporting audits and managing compliance documentation.
• Strong communication skills with the ability to simplify technical concepts for non-technical stakeholders.
• Proactive, self-driven, and comfortable working across cross-functional teams.
• Experience with AI tools or automation in GRC workflows is a strong advantage.
• Bachelor's degree in a related field; relevant certifications (e.g. CISA, CRISC, ISO 27001) are a plus.

This role is eligible for: Variable Compensation