GRC Analyst

HireRight, Nashville, TN
109d

About The Position

This role reports to the Senior Director, Governance Risk & Compliance and will assist in the management of all aspects of corporate compliance and risk management, third-party vendor management, and operational monitoring to ensure that the organization's Information Security policies and procedures are implemented and well documented, and that compliance issues are identified and remediation plans formalized in a timely fashion. Additionally, incumbents will perform internal reviews and develop risk management strategies to avoid non-compliance.

Requirements

  • BS, BA in Information Technology, Computer Science or other related Business/Technology/Analytical studies.
  • CISSP, CISA, CISM, CRISC, CPP(ASIS), ISO 27001 Lead Auditor, or similar certification.
  • Prior experience conducting internal risk assessment workshops and providing guidance to functional teams with the implementation, monitoring, and reporting of appropriate risk treatment measures to drive conformity with policies and procedures, and establish effective internal controls processes.
  • Extensive information security regulatory compliance experience: ISO 27001, PCI DSS, SOC 2, EI3PA, HIPAA, or similar.
  • Experience interpreting industry and regulatory requirements and authoring supporting controls.
  • Experience performing third-party assurance assessments; AuditBoard experience for risk assessments and compliance management a plus.
  • Excellent client relationship and customer service skills, with a clear client focus.
  • Strong project management skills.
  • High degree of independence and exceptional work ethic with a team player attitude and a solution-oriented mindset.
  • Familiarity with core IT and Information Security Technologies.
  • Exceptional interpersonal, written and oral communication skills.
  • Has knowledge of technical discipline and work processes.
  • Provides investigative, analytic or diagnostic services that affect a wide range of the unit’s activities and suggests improvements.
  • Has good understanding of roles of the relevant functional groups within own area.
  • Requires extensive training and experience to resolve a wide range of issues.

Responsibilities

  • Independently evaluates and analyzes issues or recommendations for improvements in processes to mitigate risks and bring programs and operations into compliance with the goals and objectives of the Corporate Compliance Program and communicates results to management and other key stakeholders.
  • Takes a lead role in the development and execution of the internal Information Security risk identification and assessment program. This includes risk assessments, internal project security reviews, coordination of risk treatment activities, and communication of assessment results.
  • Serve as company representative with clients and partners, responding to security questionnaires and managing audits.
  • Continually reviews and improves the risk assessment methodology, process, and procedures.
  • Assists in developing and administering ongoing IT compliance monitoring and governance activities.
  • Advises internal business clients on the effectiveness of corrective action plans in the event of non-compliance or detected vulnerabilities in their environment.
  • Contributes to various project requests from functional teams to increase operational efficiency, strengthen IT environment, and help meet the company's internal and external regulatory or compliance requirements.
  • Performs ad-hoc compliance requests or additional duties as assigned.

Benefits

  • Medical
  • Dental
  • Vision
  • Paid Life/AD&D Insurance
  • Voluntary Life Insurance
  • Short & Long Term Disability
  • Flexible Spending Accounts
  • 401K
  • Generous Vacation and Sick Program
  • 10 Paid Holidays
  • Education Assistance Program
  • Business Casual Attire
  • Generous Referral Program
  • Employee Discounts and Rewards
  • And much more!

What This Job Offers

Job Type

Full-time

Education Level

Bachelor's degree

Number of Employees

5,001-10,000 employees

© 2024 Teal Labs, Inc