Governance, Risk Management, and Compliance (GRC)  Associate

SUMMARY

The Cybersecurity GRC Associate will play a key role in strengthening the security posture of a growing Alternative Investments firm. This early-career opportunity is perfect for a sharp writer, natural organizer, and clear thinker who can cut through complexity to drive real risk reduction. You’ll execute critical GRC activities, craft strong policies, translate technical requirements into practical guidance, and lead projects with minimal oversight. Highly collaborative and action-driven, you’ll work closely with internal teams and external partners to maintain security standards, assess risks, support incident readiness, and help the business move faster and smarter. 

As an onsite/hybrid employee, you are expected to be in the Chicago office on Tuesdays, Wednesdays and Thursday. 

KEY RESPONSIBLITIES  
 

Governance 

• Support the creation and maintenance of cybersecurity policies, standards, and procedures. 
• Align governance practices with frameworks such as NIST CSF and CIS Controls. 
• Participate in policy reviews, steering committees, and control effectiveness assessments. 
• Deliver cybersecurity awareness training and track engagement metrics. 
• Maintain GRC platforms for policy management, issue tracking, and reporting. 

Risk Management 

• Assist in identifying, assessing, and mitigating cybersecurity risks across internal operations. 
• Conduct risk assessments, business impact analyses, and support remediation planning. 
• Perform vendor risk reviews, including SOC report analysis and contract assessments. 
• Contribute to incident response planning, DR/BC testing, and post-incident analysis. 
• Help enhance and automate risk workflows using GRC tools and data. 

Compliance 

• Support compliance with cybersecurity laws and standards (e.g., GDPR, SOX, DORA). 
• Assist with audits by gathering evidence, responding to inquiries, and tracking remediation. 
• Monitor and maintain controls for data protection and compliance reporting. 
• Respond to RFPs, DDQs, and client security requests with accurate information. 
• Track regulatory changes and update compliance documentation as needed. 

EDUCATION, SKILLS AND EXPERIENCE REQUIREMENTS  
 

The ideal experience and critical competencies for this role include the following:  

• Bachelor’s degree in Cybersecurity, Information Systems, or a related field and 3-6 years of experience. 
• Foundational knowledge of cybersecurity, risk management, and frameworks. 
• Experience in cybersecurity, IT audit, GRC, or compliance, with exposure to governance tools. 
• Strong attention to detail, analytical thinking, and effective communication skills. 
• Comfortable working with both technical and business teams. 
• Preferred certifications: CompTIA Security+, ISC2 CC, GRCA. 

OUR CULTURE  

Technology, security, and risk management play a critical role at GCM Grosvenor, enabling our team members to make timely, data-driven, and risk-aware decisions in support of our clients. As stewards of $80B+ in assets, we prioritize building secure, resilient systems. Now is an exciting time to join the firm and the Alts industry as a cybersecurity and GRC leader, helping to safeguard a rapidly digitizing environment and enabling the safe adoption of transformative technologies, including AI-driven solutions.  

We are not afraid to think differently. We embrace new ideas, welcome change, and believe security and compliance are enablers of innovation; not barriers. Our culture is one of empowerment, accountability, high performance, transparency, and trust. Successful team members are self-motivated, proactive risk managers who thrive in a fast-paced environment alongside thoughtful, smart colleagues. We look for natural collaborators who can cut through complexity, build trust across the organization, and turn information into meaningful, actionable outcomes that protect and strengthen the business. 

Our cloud-first environment, hosted in AWS and Azure, requires a modern, agile approach to cybersecurity and risk management. As a GRC Associate, you’ll help embed security, compliance, and resilience into our technology and business processes. Working alongside engineering and business teams, you’ll support policy development, risk assessments, incident readiness, and control testing bringing a practical, action-driven mindset to a highly collaborative, fast-paced environment.