Governance, Risk, and Compliance (GRC) Analyst

Location: Mexico


Requisition Number: 7726

Position Title: Governance, Risk, and Compliance (GRC) Analyst

External Description:

Who we are

Worldwide Clinical Trials (Worldwide), a leading global contract research organization (CRO), works in partnership with biotechnology and pharmaceutical companies to create customized solutions that advance new medications – from discovery to reality. Anchored in our company’s scientific heritage, our dedicated therapeutic focus on cardiovascular, metabolic, neuroscience, oncology, and rare diseases, is applied to develop flexible plans and solve problems quickly for our customers.

Our talented team of 3,000+ professionals span 60+ countries. We are united in cause with our customers to improve the lives of patients through new and innovative therapies.   

Why Worldwide

We believe everyone plays an important role in making a world of difference for patients and their caregivers. From our hands-on, accessible leaders, to our cohesive and supportive teams, we are committed to enabling professionals from all backgrounds and experiences to succeed. We prioritize cultivating a diverse and inclusive environment that continues to promote collaboration and creativity. We are proud to be a workplace where people thrive by being themselves and are inspired to do their best work every day. Join us!

What a Governance, Risk and Compliance (GRC) Analyst does at Worldwide

The Governance, Risk, and Compliance (GRC) Analyst plays a key role in Worldwide Clinical Trials' pursuit of maintaining a robust and compliant cybersecurity posture. Grounded in the principles of risk management and industry best practices, this role emphasizes the identification, assessment, and mitigation of potential cyber risks. Collaborating with diverse teams, the GRC Analyst ensures that the organization's policies align with industry standards and that business processes comply with these policies. As a dedicated member of the Cyber Risk & Governance team, the GRC Analyst seeks to foster a culture of cyber resilience and adherence to best practices throughout Worldwide Clinical Trials.

What you will do

  • Provide operational support for established procedures concerning Requests for Information, Audit Questionnaires, and evaluations of third-party risk.
  • Actively identify and catalog potential risks, drawing insights from assessments, threat intelligence, and business processes.
  • Execute qualitative and/or quantitative risk assessments, keenly calculating the potential impact and likelihood of identified risks.
  • Propose actionable risk mitigation strategies and liaise with relevant departments to facilitate their successful implementation.
  • Consistently prepare and present detailed reports encapsulating the organization's risk profile, highlighting key areas of concern and achieved milestones.
  • Work together with stakeholders to draft, refine, and finalize security policies that seamlessly align with industry standards, regulations, and organizational goals.
  • Conduct periodic reviews of existing policies, ensuring they stay current, relevant, and effective in the backdrop of a dynamic cyber landscape.
  • Assist in developing process for routine compliance checks across departments and systems, ensuring adherence to established policies, standards, and best practices.
  • Engage with business units, ensuring that drafted policies and standards are both clear and pragmatic, fostering a shared vision of cybersecurity excellence.

What you will bring to the role

  • A systematic and analytical approach to risk management, capable of discerning patterns and trends.
  • Adept at collaborating with various internal teams, demonstrating exceptional communication and interpersonal skills.
  • Keen understanding of the broader cybersecurity landscape, staying updated with industry standards, regulations, and best practices.
  • Commitment to fostering a culture of continuous improvement, always seeking ways to enhance Worldwide's cybersecurity posture.
  • Demonstrated proficiency in devising, maintaining, and validating disaster recovery strategies and plans.
  • Strong written and verbal communication skills, able to articulate complex issues in a clear and concise manner.
  • Professional working proficiency in English.

Your experience

  • Bachelor’s Degree or 4-year equivalent degree in IT, Cybersecurity, or a related field.
  • Minimum of 3 years of experience in cybersecurity governance, risk assessment, or compliance, preferably in a corporate setting.
  • Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA) or similar certification is beneficial. Aspiration or movement towards obtaining the CISSP certification is a plus.
  • Understanding of key industry standards, frameworks, and regulations pertinent to cybersecurity governance such as ISO 27001/27002 and CIS CSC.


We love knowing that someone is going to have a better life because of the work we do. 

To view our other roles, check out our careers page at more information on Worldwide, visit or connect with us on LinkedIn.








Employment Type: Regular

Community / Marketing Title: Governance, Risk, and Compliance (GRC) Analyst

Company Profile:

We’re a global, mid-size CRO that pushes boundaries, innovates and invents — because the path to a cure for the world’s most persist diseases is not paved by those who play it safe, but by those who take pioneering, creative approaches, and implement them with quality and excellence. We are experts, bright thinkers, dreamers and doers and, together, we are changing the way the world experiences CROs, in the best possible way.



 Worldwide Clinical Trials does not accept unsolicited resumes from 3rd party vendors

© Worldwide Clinical Trials 2023

We only accept resumes from staffing organizations with pre-approved contractual agreements. Please do not forward resumes directly to our hiring managers, jobs alias, or any other company location. Unsolicited resumes from employment agencies will not be considered and Worldwide is not responsible for any fees related to unsolicited resumes.