GRC Analyst

Direct Travel
Remote
Match Resume

About The Position

We are seeking a detail-oriented Governance Risk and Compliance (GRC) Analyst to join our Security and Compliance team. The GRC Analyst will work in a collaborative fashion with our internal teams and external partners to manage Security & Compliance risk. Our preference for this role is those who have solid experience in technology, information security or compliance, and have significantly contributed to SSAE18, SOC 2, Payment Card Industry (PCI) ROC and/or ISO 27001 audits. We're looking for team players who want to challenge themselves within a growing company, and are as comfortable talking with senior management about information risk, as they are with IT staff. Therefore, if you thrive in a dynamic environment, then maybe you are the one we’re looking for! This position is a remote position reporting to the Senior Director of Governance, Risk & Compliance Direct Travel is a leading provider of corporate travel management services. The company has been providing travel management for over 40 years, working with clients to develop highly customized travel programs. By leveraging both the expertise of its people and innovative solutions, Direct Travel enables clients to derive the greatest value from their travel program in terms of superior service, progressive technologies and significant cost savings. Direct Travel has offices in over 70 locations across North America and the UK and is currently ranked 12th on Travel Weekly’s Power List. For more information, visit www.dt.com.

Requirements

  • Direct experience with achieving successful annual PCI Compliance, SSAE18 SOC 2 attestations and/or ISO 27001 certifications
  • 1-3 years of experience leading information security audits with a preference for IS0 27001 and SOC 2 audits or assessments
  • 1-3 years of experience as an IT, security or compliance analyst, with experience developing security strategy and policy.
  • Experience authoring policies and procedures
  • Solid knowledge of ISO 27001, NIST 800-53, NIST 800-171, NIST CSF
  • Experience with full Governance, Risk Management and Compliance Lifecycle
  • Personal integrity
  • Self-motivated, self-disciplined, and self-governed. You hold yourself to a higher standard than others.
  • Highly consultative and collaborative nature.
  • Excellent communications and presentation skills, with the ability to convey complex technology concepts to non-technology stakeholders.
  • The discipline to work effectively from remote location.
  • Degree in computer science, information systems, information security, or a related discipline. Equivalent work experience will also be considered
  • Experience with Payment Card Industry (PCI) Compliance
  • Excellent analytical and stakeholder engagement skills
  • Strong organization and planning skills
  • Successfully pass background check
  • Must be able to lawfully work within the US and have unrestricted work authorization for US
  • Ability to travel up to 15% if required

Nice To Haves

  • Experience with the myriad of regulatory compliance frameworks (e.g., HIPAA, GDPR, CCPA, PII, PCI-DSS, SOX).
  • Certifications (e.g., ISO 27001 Lead Implementer, CISA, CISM, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (FISMA, HITRUST, CSF)
  • 1-3 years of experience with MSP or IaaS cloud-based solutions (O365, Azure)
  • Proven ability to manage projects across multiple functional areas in a complex and dynamic environment.
  • Able to provide resourceful, creative solutions

Responsibilities

  • Conducts audits of internal information security, compliance and privacy processes.
  • Ensures timely resolution to all audit and risk assessment findings or issues.
  • Manages OneTrust GRC reporting portal.
  • Appropriately communicates audit reports, gaps or recommendations to company management, and tracks any open concerns or questions to resolution.
  • Identifies potential technologies, processes or solutions that could improve the security posture of the company
  • Contributes to the development of security standards, access controls, and compliance requirements of applications, network infrastructure, servers and workstations.
  • Serves as subject matter expert regarding information security and compliance policy
  • Maintains awareness of current and emerging threat landscapes
  • Assists in reporting security & compliance metrics to management.
  • Supports additional audit and governance functions as assigned
  • Earns the trust and respect of the Direct Travel team.
  • Grows into a role with increasing responsibility

Benefits

  • Medical
  • Dental
  • Vision benefits
  • employee rewards and recognitions program
  • Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume

What This Job Offers

Job Type

Full-time

Career Level

Mid Level

Number of Employees

501-1,000 employees

Job Search Resources

Similar GRC Analyst job opportunities

GRC Analyst
Cyderes
Cyderes • Kansas City, MO13d • Hybrid
GRC Analyst
Cyderes
Cyderes • Kansas City, MO12d • Hybrid
GRC Cybersecurity Analyst
Plains All American
Plains All American • Houston, TX13d
Senior GRC Analyst
Cherry Bekaert Advisory
Cherry Bekaert Advisory • Raleigh, NC6d • Remote
Senior GRC Analyst
Cherry Bekaert
Cherry Bekaert • Aiken, SC8d • Remote
Associate GRC Analyst
Boingo Wireless
Boingo Wireless • Frisco, TX7d
Explore More Jobs

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service