GRC Analyst

Black & Veatch Family of Companies, Cary, NC
Hybrid

About The Position

The GRC (Governance, Risk, and Compliance) Analyst plays an important role in the GRC delivery framework, ensuring Black & Veatch’s compliance with regulatory and contractual requirements, assisting with third-party risk management, and promoting a culture of risk awareness across the enterprise, among other responsibilities. With an emphasis on cyber and compliance risk management, the ideal candidate should be able to contribute to measuring success, identifying improvement opportunities, and carrying out actions to implement those improvements and mature controls. This role is ideal for a detail-oriented and self-driven professional with a passion for cyber and compliance risk management.

Requirements

  • Bachelor’s degree in Information Systems, Computer Science or a related field, or relevant years of experience to substitute for a degree.
  • 2–3 years of experience in a GRC role
  • All applicants must be able to complete pre-employment onboarding requirements (if selected) which may include any/all of the following: criminal/civil background check, drug screen, and motor vehicle records search, in compliance with any applicable laws and regulations.

Nice To Haves

  • Strong analytical, organizational, and communication skills
  • Professional certifications such as CRISC, CISSP or others
  • Exposure to and knowledge of privacy laws
  • Experience with GRC platforms and risk management methodologies
  • Ability to work independently and collaboratively as required
  • Accountability in projects and tasks, following through to completion with minimum supervision
  • Strong collaboration with IT teams
  • Familiarity with regulatory frameworks and best practices (e.g., NIST, ISO 27001, CIS CISC, UK Cyber Essentials, CMMC, SCF)
  • Proficiency in information security principles and concepts
  • Attention to detail and critical thinking
  • Ethical judgment and integrity
  • Ability to manage multiple tasks and deadlines
  • Strong interpersonal and stakeholder engagement skills

Responsibilities

  • Collaborate with peer D&IT groups to collect KPIs and KRIs and drive efficiency through automation and other means
  • Support establishment, collection, and ongoing improvement of metrics to measure effectiveness of cyber risk management and provide data-driven insight to decision makers and control owners
  • Monitor regulatory and legal landscape at a global scale and maintain awareness of compliance requirements
  • Review and monitor compliance to client contractual requirements related to data security, risk management/cyber resilience, and breach reporting
  • Request and review documentation and evidence from control owners to certify and validate compliance to regulatory requirements
  • Support independent certification and audit by working with D&IT peer groups and lines of business to collect documentation and evidence
  • Contribute to policy development aligned with regulatory and contractual requirements
  • Maintain and assist updating standards of practice documentation to be referenced by architecture and operations teams
  • Participate in regularly scheduled governance forums and contribute process knowledge
  • Actively participate in the third-party risk assessment process, including reviewing input from third parties and offering opinion of risk factors
  • Assist review of client security requirements in contracts and aggregate relevant clauses to inform contractual risk
  • Leverage tools, including GenAI, in a secure manner to gain efficiencies in delivery of functions
  • Assist in conducting user training in SETA tool
  • Help establish and optimize metrics and feedback with business stakeholders
  • Support internal audit
  • Assist with security certification/attestations/audits to demonstrate control effectiveness to independent service auditors/assessors and C3PAOs
  • Assist in development of risk mitigation plans and monitoring progress of actions
  • Collaborate with members of the GRC team to ensure timely and quality deliverables to internal and external consumers
  • Organize, prioritize, and with input from team members, respond to incoming GRC related requests from IT and other business units

Benefits

  • competitive compensation
  • 401k match
  • benefits that start day one
  • medical, dental and vision insurances
  • disability
  • wellness program
  • flexible work schedules
  • paid vacation and holiday time
  • sick time
  • dependent sick time
  • company-matched 401k plan
  • adoption reimbursement
  • tuition reimbursement
  • vendor discounts
  • employment referral program
  • AD&D insurance
  • pre-taxed accounts
  • voluntary legal plan
  • B&V Credit Union
  • performance-based bonus program
  • stock ownership

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

1,001-5,000 employees
