Governance, Risk & Compliance Analyst

Who We Are

Catalis is a leading government Software as a Service (SaaS) and integrated payments provider, powering a wide range of government operations at the municipal, county, state, and federal levels. Our innovative solutions are designed to streamline processes, enhance efficiency, and improve the delivery of government services to the public. At Catalis, we are committed to leveraging technology to make government interactions simpler, faster, and more accessible.

The Opportunity

We are seeking a detail-oriented and proactive Governance, Risk & Compliance (GRC) Analyst to join our security team. This role is ideal for candidates who are passionate about cybersecurity, eager to grow within the risk and compliance domain, and bring a strong analytical mindset. You will play a key role in supporting the implementation and maintenance of our information security awareness program and contribute to risk and compliance activities through effective data analysis and reporting.

What You Will Do

Security Awareness Program Administration:

• Manage and coordinate the delivery of employee security training and awareness content.
• Track and report on training completion rates and employee engagement.
• Assist in the development and scheduling of phishing simulations and awareness campaigns.

Metrics & Reporting:

• Collect, analyze, and visualize data related to compliance activities, risk assessments, and security training effectiveness.
• Generate regular reports and dashboards for management and audit purposes.

Policy & Procedure Support:

• Assist in maintaining and updating security policies, standards, and procedures.
• Help ensure internal processes are aligned with compliance frameworks (e.g., NIST CSF, PCI, SOC 2).

Risk & Compliance Activities:

• Support internal audits and assessments by gathering evidence and tracking remediation efforts.
• Maintain documentation for compliance initiatives and assist with vendor risk assessments.

What You Will Need to Succeed

• Bachelor’s degree in Information Security, Computer Science, Business, or related field — or equivalent on-the-job experience.
• 1–2 years of experience in a cybersecurity, GRC, or IT support role with some exposure to compliance and security operations.
• Experience managing or administering security awareness programs (e.g., KnowBe4, Wombat, or similar).
• Strong data analysis skills using Excel, Power BI, Tableau, or similar tools.
• Excellent organizational skills and attention to detail.
• Strong written and verbal communication skills.

Preferred:

• Familiarity with common compliance frameworks (NIST, ISO, SOC 2, PCI, etc.).
• Basic understanding of risk management principles.
• Industry recognized certifications related to risk management or cybersecurity (e.g. Security+, etc.)
• Experience working in a regulated or enterprise environment.
• Familiarity with GRC platforms or ticketing systems (e.g., ServiceNow, OneTrust, Archer).

What we Offer

• A dynamic and supportive work environment in a mission driven organization
• Competitive salary and benefits package, including health, dental, vision insurance
• Unlimited PTO (paid time off)
• HSA and FSA options
• 401(k) plan with matching contributions
• Paid parental leave
• ABLE matching contributions for the disability community
• Employer paid short term and long-term disability insurance and group term life insurance
• Financial and legal assistance through our EAP (Employee Assistance Program)
• Opportunities for personal development and career advancement with free access to unlimited courses via Udemy
• The chance to make a significant impact on the delivery of government services and the lives of citizens

EEO StatementWe are an equal opportunity employer and value diversity. We are committed to an inclusive environment for all. All candidates will be considered based on qualifications, merit, and business needs without regard to race, color, religion, national origin, age, non-qualifying mental or physical disability, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity or expression, veteran status, or any other characteristic protected by applicable law.