GRC analyst

About The Position

Requirements

• Minimum three (3) years of recent relevant experience in information security, IT risk management, or cybersecurity compliance.
• Experience in governance, risk assessments, and regulatory compliance (e.g., SOX, SWIFT, HIPAA, or similar).
• Experience conducting third-party risk assessments and software implementation reviews.
• Understanding of Cybersecurity frameworks (CIS, NIST, etc.).
• Understanding of Cybersecurity requirements for legal and regulatory compliance, including Sarbanes Oxley (SOX), SWIFT, and other applicable federal regulations and statutes.
• Understanding of Cybersecurity reports and certifications (SOC2 type II, ISO 27001, etc.).
• Understanding of Cybersecurity concepts, controls, and safeguards.
• Must have intermediate to advanced communication skills in English (speak, read, and write).
• Demonstrated ability to collaborate cross-functionally with IT teams, auditors, vendors, and leadership.
• Strong communication skills with the ability to communicate effectively at all levels.
• Highly organized with an analytical mindset and attention to detail for evaluating and improving data quality and governance processes.
• Ability to work independently and with little supervision.
• Experience working in a team-oriented and collaborative environment.
• Ability to work a flexible schedule, extended hours, holidays, and/or weekends as needed.

Nice To Haves

• Ability to communicate at an intermediate to advanced level in Spanish.
• Bachelor's degree in Information Security, Computer Science, or a related field.
• Certifications such as CISA, CISSP, or CIPP.

Responsibilities

• Supports the key initiatives/projects focused on reducing technology risk, governance, compliance with policies and external regulatory compliance.
• Maintains updated the centralized GRC platform with required relevant information.
• Performs periodic security program gap assessments.
• Performs continuous security controls and safeguards audits to confirm and document compliance.
• Participates in addressing exception requests to information security policies and standards; works with internal IT and business focal points to document the request, identify business justifications and compensating controls, and present findings to IT Leadership for review and approval.
• Conducts information security vendor risk assessments and provides recommendations for system, network, and application design, implementation, and operational effectiveness controls.
• Works with IT teams to develop corrective action plans for identified findings from internal security controls assessments, vendor risk assessments, internal and external audits, or other security reviews; tracks remediation efforts to closure.
• Serves as subject matter expert to internal business and technology teams and security teams on risk management activities and industry best practices.
• Provides IT support for regulatory and compliance activities.
• Creates helpdesk support tickets.
• Keeps IT informed on tips and techniques that will enhance cyber security posture.
• Recommends security enhancements.
• Additional duties as assigned.