Global Sr GRC Analyst

About The Position

Requirements

• Bachelor’s degree in Information Security, Risk Management, Computer Science, or related field, required.
• 4+ years of experience in GRC, risk management, or compliance roles.
• Strong understanding of GRC tools and platforms (e.g., RSA Archer, ServiceNow GRC).
• Familiarity with risk management frameworks (e.g., COBIT, FAIR) and compliance standards.
• Exceptional analytical, problem-solving, and organizational skills.
• Strong written and verbal communication skills, with the ability to interact effectively with stakeholders at all levels.
• Certifications such as CRISC, CISM, CISA or CISSP highly preferred.
• Attention to detail and ability to manage multiple priorities.
• Proactive mindset with a focus on continuous improvement.
• Collaborative team player who can influence without authority.

Nice To Haves

• Certifications such as CRISC, CISM, CISA or CISSP highly preferred.

Responsibilities

• Develop and maintain corporate policies, procedures, and frameworks to align with industry best practices (e.g., NIST CSF, SOX, PCI, etc.).
• Assist with the development and maintenance of GRC process and procedure documentation.
• Ensure IT functions are in compliance with best practices and company policies and standards through assessments (i.e. peer reviews, audits, etc.)
• Track key risk indicators and security metrics
• Assist with conducting gap assessments to identify threats, vulnerabilities, and potential impacts on the organization.
• Develop and maintain the risk register, ensuring risks are documented, prioritized, and mitigated.
• Perform third-party/vendor risk assessments to evaluate potential risks associated with external partnerships and perform on-going monitoring to assess risk of engagement.
• Maintain centralize documentation, continuous monitoring for vendors, formal escalation protocols for non-compliance to ensure alignment with enterprise risk tolerance.
• Document risk acceptance decisions and compensating controls
• Develop and maintain templates for consistent risk documentation
• Assist in evaluating cybersecurity risk on incoming projects.
• Assist and support team in performing cybersecurity due diligence on merger/acquisition targets.
• Ensure compliance with regulatory requirements (e.g., GDPR, HIPAA, SOX, PCI-DSS) and industry standards through monitoring and reporting metrics, security exceptions and using other methods to monitor compliance
• Drive compliance by maintaining the compliance framework to ensure policies and standards align to regulatory requirements, laws and best practices.
• Collaborate with business units to understand critical processes
• Educate stakeholders on risk management concepts and frameworks
• Partner with technical teams to validate remediation plans
• Present risk findings to appropriate governance committees
• Coordinate and collaborate with stakeholders to establish and track metrics for governance programs.
• Collaborate with stakeholders to monitor regulatory and industry developments to ensure compliance with changes.
• Coordinate and collaborate with stakeholders to track outcomes and metrics for all third-party breaches.
• Advise stakeholders on compliance requirements and incorporate new metrics into governance life cycle process, including new tools as they are onboarded.
• Coordinate the review of Policies and Standards through collaborating with stakeholders.
• Partner with IT, Legal, HR, and other departments to ensure alignment on risk and compliance efforts.
• Create and deliver regular risk and compliance metrics for senior leadership and boards.
• Serve as a subject matter expert (SME) for GRC-related queries and initiatives.