Security GRC Analyst I

Responsibilities

• Security Awareness
• Support administration of AvidXchange's security awareness and phishing simulation program in KnowBe4, including training assignments, campaign design, and coordination.
• Assist with building creative cybersecurity awareness communications, campaigns, and recurring outreach activities designed to engage a wide range of teammates and cyber knowledge levels.
• Monitor participation, phishing, and engagement metrics to measure program effectiveness and identify improvement opportunities.
• Contribute to ongoing enhancement of awareness content to keep training engaging, relevant, and aligned with emerging threats.
• Enhance and support our Security Champion Program to empower security-focused individuals to make a difference in their team.
• Risk, Assessment & Audit Support
• Assist with cybersecurity risk assessments, audits, and third-party/vendor reviews.
• Coordinate assessment and audit efforts through documentation, evidence gathering, and cross-functional collaboration.
• Track remediation items, risk findings, audit observations, and follow-up efforts across teams.
• Metrics, Reporting, & Communications
• Develop and maintain cybersecurity metrics, dashboards, and reporting tailored to technical teams, leadership, and executive audiences.
• Create visualizations, presentations, and other deliverables using tools such as Power BI, Excel, and PowerPoint.
• Coordinate recurring reporting activities related to risk committees, audits, awareness initiatives, and operational metrics.
• Analyze data to identify meaningful trends, gaps, and opportunities for program improvement.
• General GRC Operations
• Maintain cybersecurity documentation, policies, standards, repositories, and other governance materials.
• Assist with customer and vendor due diligence activities, including questionnaire responses, customer assurance communications, and trust center maintenance.
• Coordinate business continuity and incident response preparedness efforts, including tabletop exercises and related operational initiatives.

Requirements

• 1 - 3 years of experience in cybersecurity, including exposure to one or more of the following areas:
• risk management (including third-party/vendor)
• compliance and control frameworks
• audit and assessments
• security awareness programs
• reporting, analytics, or operational support functions
• Experience developing reports, dashboards, presentations, or visualizations using tools such as Excel or Power BI.
• Strong verbal and written communication skills, with the ability to communicate effectively with technical and non-technical stakeholders.
• Strong analytical and problem-solving skills, with the ability to identify risks, organize information, and support risk and compliance efforts.
• Excellent organizational skills, with the ability to manage multiple priorities, deadlines, and cross-functional initiatives.
• Comfortable working collaboratively across technical, operational, and business teams.
• Familiarity with industry frameworks and regulations (e.g., NIST, NYDFS, SOC 1/2, PCI, ISO 27001) and comfort mapping controls to requirements.
• Experience with or exposure to LogicGate or other GRC/TPRM tools.
• Self-motivated and curious, with interest in cybersecurity, risk management, and evolving industry trends.
• Relevant certifications such as Security+, ISC2 CC, CISA, or similar certifications are preferred.
• About AvidXchange
• A go-getter with an entrepreneurial mindset - that means you are not afraid of taking risks, winning big or facing the unk

Benefits

Additional Information

Job Overview: As a Security GRC Analyst I , you will play an important role in supporting and strengthening AvidXchange's information security governance, risk, and compliance program. You will collaborate with teams across the organization to support audits, security awareness initiatives, reporting, risk assessments, and related compliance efforts. This role will contribute to a broad range of operational GRC activities, helping improve cybersecurity visibility, risk management, and program maturity across the organization.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at avidxchangeinc? Share your experience