Governance, Risk & Compliance Analyst

Location : Monterrey, N.L. (Hybrid – 2 days onsite) Employment type : Direct Hire – Full-time, with all benefits required by Mexican law Salary range : Competitive and negotiable based on experience Language : Bilingual (Advanced English – excellent verbal and written communication skills required)We are seeking a Sr.

GRC Analyst to play a key role in shaping the company's cybersecurity governance strategy.

This position will lead initiatives to strengthen security culture, ensure audit readiness, and enhance vendor governance.

The ideal candidate will operate with autonomy, influence cross-functional teams, and act as a subject matter expert in cybersecurity frameworks, risk management practices, and regulatory compliance.Key ResponsibilitiesCompliance LeadershipServe as the primary compliance representative at the corporate office.Promote accountability and proactive risk management across business units.Policy GovernanceOversee the annual review and update of internal policies aligned with frameworks such as SCF, PCI DSS, and ISO 27001.Collaborate with stakeholders to ensure policies are current, enforceable, and audit-ready.Audit & Vendor GovernanceLead coordination of external audit responses and annual vendor risk assessments.Ensure timely and accurate documentation while closing compliance gaps across SaaS platforms and third-party vendors.Security Awareness StrategyDesign and implement enterprise-wide cybersecurity awareness campaigns.Create targeted messaging and leverage innovative tools to reinforce secure behaviors and align with the company's risk posture.Cross-Functional CollaborationPartner with Legal, Procurement, IT, and business units to embed compliance into operational workflows.Reporting & MetricsMaintain executive dashboards with metrics on training completion, audit status, and vendor compliance.Provide insights and recommendations to leadership for continuous improvement.RequirementsBachelor's degree in Business, Information Systems, Cybersecurity, or related field.5+ years of experience in IT governance, risk & compliance, or audit.Strong knowledge of regulatory frameworks (PCI DSS, NIST CSF, ISO 27001) and GRC tools (e.g., OneTrust).

Excellent leadership, communication, and stakeholder management skills.Proven ability to manage complex projects, influence without direct authority, and drive cross-functional outcomes.English level : B2 (upper-intermediate).

BenefitsCareer development plan and continuous learning.Excellent work environment and flexibility.Direct client benefits.Direct hiring.Career development plan.

If you're looking for a place where professional growth goes hand in hand with quality of life, this opportunity is for you!