
Pillsbury Winthrop Shaw Pittman LLP · 4 days ago

GRC Analyst

Pillsbury Winthrop Shaw Pittman LLP is seeking a strategic and detail-oriented GRC (Governance, Risk & Compliance) Analyst to strengthen and scale their GRC capabilities. This role involves managing vendor risk, ensuring compliance with ISO 27001, and supporting firmwide risk reduction efforts while safeguarding sensitive data.

Industries: Consulting, Finance, Law Enforcement, Legal, Professional Services, Real Estate

Growth Opportunities
H1B Sponsor Likely

Responsibilities

Lead the vendor security review process, including intake, risk assessment, documentation, and re-evaluation cycles
Collaborate with IT and Legal to embed security and privacy requirements into contracts and onboarding workflows
Maintain the vendor inventory and risk classification system; track remediation items and expiration of security attestations (SOC 2, ISO 27001, etc.)
Assess cloud platforms, SaaS tools, and third-party services against security, compliance, and privacy requirements
Coordinate responses to client security assessments, due diligence requests, and audits
Coordinate with attorneys, business development, and compliance teams to support contractual commitments
Maintain a centralized repository of audit evidence and standard responses using tools such as Loopio
Support the day-to-day management of our ISO 27001-certified ISMS, including control implementation and documentation
Assist in preparation for surveillance and recertification audits and maintain alignment with ISO 27001:2022 control requirements
Track risk treatment plans, control testing, and internal audit findings
Draft, update, and socialize firmwide security and privacy policies
Maintain a control library mapped across multiple frameworks including ISO 27001, NIST 800-171, CMMC, and client-specific standards
Support the intake and processing of exceptions to security policies, ensuring proper documentation and leadership awareness
Assist with maintaining the risk register, including identification, analysis, and tracking of risks and mitigations
Coordinate with internal teams during security incidents to ensure proper documentation, containment, and reporting
Administer employee training programs including mandatory awareness training and role-specific modules
Coordinate phishing simulations and follow-up education for at-risk users
Partner with Marketing and IT to drive behavior change through campaigns, posters, and communication
Maintain and optimize the GRC toolset (e.g., UpGuard, KnowBe4, Loopio)
Drive process improvements in risk assessments, audits, and reporting dashboards
Support annual penetration testing coordination and track remediation progress

Qualifications

Skills: ISO 27001, Vendor Risk Management, Security Governance, NIST, GRC Platforms, Security+ Certification, CISM Certification, Communication, Organizational Skills, Writing Skills

Required

Bachelor's degree in information security, Risk Management, or a related field
5+ years of experience in security governance, compliance, or vendor risk management roles (legal or professional services industry preferred)
Proven experience conducting vendor security assessments and managing related compliance workflows
Deep understanding of ISO 27001 and common security/privacy frameworks (NIST, SOC 2, CMMC, GDPR, etc.)
Strong writing, communication, and organizational skills
Experience with GRC platforms and vendor risk tools

Preferred

Certifications such as ISO 27001 Lead Implementer, Security+ or CISM are a plus

Company

Pillsbury Winthrop Shaw Pittman LLP

Pillsbury is one of the world’s foremost law firms, operating at the intersection of technology innovation, capital and government.

H1B Sponsorship

Pillsbury Winthrop Shaw Pittman LLP has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Trends of Total Sponsorships
2025 (10)
2024 (7)
2023 (9)
2022 (7)
2021 (3)
2020 (11)

Funding

Current Stage
Late Stage

Leadership Team

Elina Teplinsky
Partner
Ronald Fleming
Partner, Head of Emerging Companies
Company data provided by crunchbase