Governance, Risk and Compliance Analyst

About The Position

Requirements

• 2 to 5 years of relevant experience in an Information Security or GRC role.
• The ability to identify opportunities to reduce risk, detect and remediate vulnerabilities, and ensure compliance and audit readiness.
• Experience/understanding with regulatory frameworks and standards, including but not limited to: ISO 27001, ISO 27701, ISO 42001, AIUC, PCI DSS, NIST CSF, CIS Top 20, GDPR and/or CCPA.
• Basic technical understanding of cloud service platforms (AWS, Azure, etc.).
• Proficient in Microsoft Suite skills specifically Excel, Power Point, and Teams.
• Basic understanding and experience using AI tools such as ChatGPT, Claude, MS Copilot, etc.
• Experience leveraging GRC automation platforms.
• Strong analytical skills and the ability to understand and document complex business process data flows.
• Professionalism, attention to detail, strong organizational skills, team-focus, dedication, resourcefulness, and an eagerness to learn.
• Ability to manage multiple tasks and priorities while demonstrating time management skills and communication skills.
• Strong communication skills, with the ability to translate basic security concepts for both technical and non-technical stakeholders.

Nice To Haves

• Supporting certifications (e.g., CC, CGRC, CISA, CCOA, CGEIT, Associate CISSP, etc.)
• Experience performing DPIAs, Data Mapping, DSRRs and related privacy-focused activities.
• Supporting an ISO 27701 compliant environment.
• Experience with curating content and leveraging security awareness training platforms.
• Experience with managing work through ticketing systems and queues.
• Experience working with legal industry, SaaS, or enterprise clients on security compliance.

Responsibilities

• Ensure compliance assurance program control requirements are documented, and processes exist to validate the effectiveness of such controls.
• Collaborate with cross-functional teams to gather and validate compliance artifacts to fulfill internal and external requirements and obligations.
• Participate in annual and ad-hoc risk assessments with internal stakeholders.
• Participate in efforts to achieve compliance attestations/certifications such as ISO-27001, SOC 2 and PCI-DSS.
• Assist in identifying control deficiencies and track remediation efforts.
• Ensure that third party vendors meet Aderant security and compliance requirements through the collection and review of a combination of assessment questionnaires, artifacts and attestation documents.
• Support other governance activities such as: business continuity testing, data mapping and disaster recovery exercises.
• Participate in the coordination and execution of the security awareness training program, including (but not limited to) the creation of security advisories, and the facilitation of training activities and simulated phishing campaigns.
• Assist in reviewing and updating security and compliance policies and procedures, to ensure they accurately reflect business requirements and align to industry leading security practices.
• Assists with the formulation of information security metrics and dashboards that demonstrate adherence to defined KPIs.
• Respond to customer questionnaires pertaining to Aderant security, compliance and related posture; collaborate with other teams as-needed.