Role Description

CastleHill Managed Risk Solutions analysts provide client support in the implementation and development of industry-leading GRC systems for companies in highly regulated industries. We operate as partners in the truest sense, working daily as an extension of the client team in defining and delivering systems that meet or exceed expectations.

Below are some of the key areas of focus for a GRC Business Analyst:

  • Facilitating detailed process decomposition discussions
  • Acting as a liaison between the business and technical teams responsible for the delivery of functional systems
  • Managing the SDLC using an Agile methodology (Scrum)
  • Managing and participating in remote scrum meetings
  • Soliciting and documenting business requirements in the form of user stories
  • Documenting requirements and managing the backlog of user stories in each release
  • Developing test plans and scripts for QC and UAT
  • Participating in hands-on testing when required


Below are the types of qualifications we consider important for success.

Candidates are not required to meet all qualifications for consideration. 

  • Experience working in an Agile environment
  • Clear understanding of the SDLC
  • Superior ability to solicit and develop business requirements
  • Strong organizational skills
  • Excellent stamina (projects move rapidly)
  • Experience in the Banking, Financial Services or Healthcare industry
  • Understanding of risk and compliance in a regulated industry and the relationships between regulations, policies, procedures, and controls
  • Experience with industry-standard GRC tools (for example, RSA Archer, MetricStream, Process Unity) in either a super user or developer role
  • Ability to work 90% remotely (work from home) with 10% domestic travel
  • Flexibility to work across time zones
  • Four-year degree from an accredited college or university

Submit resume to