Senior IT Governance, Risk, and Compliance (GRC) Analyst at ePlus inc.

As a Senior IT GRC (Governance, Risk, and Compliance) Analyst, you’ll play a strategic role in shaping and maintaining the integrity of our IT risk and compliance landscape. You will lead the ongoing development and execution of the ITS GRC program, covering key areas such as IT General Controls (ITGC), audits, IT service management, risk assessments, data privacy, disaster recovery, and vendor risk management.

In this role, you’ll be a trusted advisor across the organization—driving best practices, identifying vulnerabilities, and ensuring our compliance posture remains strong and resilient. You’ll work with internal and external auditors to facilitate SOX 404 testing, coordinate remediation efforts, and provide enterprise-wide guidance, documentation, and project leadership to support the ePlus IT GRC framework.

YOUR IMPACT

The essential functions of this position include:

Audit Management

• Lead and coordinate ITGC/SOX 404 audits with internal and external audit teams.
• Manage special audit projects and ensure timely tracking and remediation of findings.

Vendor & Third-Party Risk

• Oversee vendor risk management for critical business services.
• Request and evaluate SOC reports; flag and escalate high-risk vendors to application owners and leadership.
• Maintain and update the vendor repository and associated dashboards.

Policy & Compliance

• Develop, implement, and manage GRC-related policies and procedures.
• Ensure company-wide compliance with relevant regulations and standards.

General IT Controls

• Lead coordination, testing, evidence collection, and continuous improvement efforts for:
  • User Access Reviews (UAR)
  • ITGC documentation and procedures
  • SOX 404 reviews and testing
  • SSAE 18 SOC internal and external reviews
  • Compliance certifications (e.g., CMMC DFARS, ISO 9001)

Risk Management

• Support the ongoing development and execution of the IT Risk Assessment program.
• Identify, assess, and monitor risks across the IT landscape.

Disaster Recovery Program

• Lead the development and execution of disaster recovery (DR) testing and documentation.
• Apply best practices from frameworks such as DRI International and stay current with industry trends.

QUALIFICATIONS

• Education: Bachelor’s degree in a related field (e.g., Information Systems, Computer Science, Business) or equivalent professional experience.
• Experience: Minimum of 5 years of hands-on experience in GRC Analysis, SOX 404 Audits, Vendor Risk Management, and IT General Controls within a mid-to-large sized organization. Experience working in a publicly held company and collaborating with IT auditors is strongly preferred.
• Risk & Compliance Expertise: Proven experience in vendor risk management and third-party risk assessment. Familiarity with compliance frameworks such as PCI/DSS, HIPAA, SOC 1/2, CMMC, and ISO 9001 is highly desirable.
• Technical Knowledge: Strong understanding of GRC principles, IT risk and controls, and IT audit methodologies.
• Tools & Systems: Experience with incident management and IT service management platforms (e.g., ServiceNow) is a plus.
• Collaboration & Communication: Ability to work cross-functionally across departments with excellent written and verbal communication skills.
• Time Management & Organizational Skills: Ability to manage multiple priorities effectively, strong organizational skills, and exceptional attention to detail.
• Customer Focus: Demonstrated customer-first mindset with a results-driven approach.
• Technology Proficiency: Skilled in Microsoft Office Suite (Word, Excel, PowerPoint, Outlook, SharePoint, Teams), Webex, internet research, and email communication. Familiarity with ServiceNow and Visio is a plus.
• Certifications: Industry certifications such as CRISC, CISA, CISM, COBIT, COSO, ITIL, or other relevant vendor certifications are a plus.

POSITION SPECIFICS

The initial base salary range for this position is expected to be between $80,000 and $105,000 annually. The final base salary offered will be determined by multiple factors, including, but not limited to, job-related knowledge, depth of experience, skills, certifications, and geographic location. In addition to base salary, our compensation package may include other components such as commissions and discretionary bonuses.

ePlus offers a full range of medical, financial, and/or other benefits (including 401(k) eligibility, employee stock purchase program and various paid time off benefits, such as vacation, sick time, and personal leave), dependent on the position offered. Details of participation in these benefit plans will be provided if an offer of employment is extended. ePlus Benefits highlights can be viewed here.

If hired, employee will be in an “at-will position” and the Company reserves the right to modify base salary (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Notice to Recruiting Agencies: ePlus only accepts unsolicited resumes when presented directly by a candidate. Unsolicited resumes submitted to ePlus from any other source will be considered ePlus property and will not qualify for any placement or referral fees. ePlus will only pay such fees in connection with a valid written agreement between ePlus and the referring agency, and then only after providing advance written approval to the referring agency to submit resumes in connection with a particular opportunity.

PHYSICAL REQUIREMENTS

While performing this role, you will engage in both seated and occasional standing or walking activities. We provide reasonable accommodations, in accordance with relevant laws, to support success in this position.

By embracing our values, you will contribute to our collective mission of making a positive impact within our organization and the broader community. We understand that this job description serves as a guide and is not an employment contract.

CORPORATE VALUES

Respectful communication and cooperation:  We prioritize respectful communication, fostering an environment where everyone is treated with dignity and respect.

Teamwork and employee participation:  Collaboration and teamwork thrive through diverse perspectives, both within our teams and in our interactions with our customers.

Work/life balance that supports our employees’ varying needs: We value the well-being of our employees, recognizing that a healthy work-life balance is pivotal to our collective success.

Embracing communities: We embrace and support the communities that nurture us. Our employees' dedication to fostering positive change is a source of immense pride for us.

COMMITMENT TO DIVERSITY, INCLUSION AND BELONGING

We are an equal opportunity employer that does not discriminate or allow discrimination based on race, color, religion, sex, sexual orientation, gender identity, age, national origin, citizenship, disability, veteran status, or any other classification protected by federal, state, or local law.

ePlus is dedicated to fostering, cultivating, and preserving a culture that represents diversity, enables inclusion, and makes our employees feel comfortable bringing their full, unique selves to work. 

#LI-MY1

#IND1