Risk & Compliance Analyst

About The Position

Requirements

• High School diploma/GED required; bachelor’s degree preferred
• 0-2 years of experience supporting documentation, process improvement, or related analytical activities preferred.
• Strong attention to detail, organizational skills, and a willingness to learn are essential
• Understanding of fundamental privacy, security, and IT concepts (access controls, data retention, data privacy)
• Computer literacy with MS Office products, and ability to grasp proprietary software
• Demonstrated ability to manage multiple competing tasks
• Ability to follow policies and procedures

Nice To Haves

• Curiosity, energy, and a solutions-first attitude
• Thrives in a fast-paced environment
• Genuine desire to help others
• Team oriented mindset, with a strong sense of care and urgency
• Desire to embrace our core values: Client Focus, Results, Responsibility & Accountability, Collaboration and Innovation.

Responsibilities

• Review, maintain, and improve third party risk management program
• Evaluate new and existing vendors against established risk criteria
• Assist in the maintenance of standards and documentation. Review and recommend changes to policy and procedure
• Gather input from team members; draft and submit responses to risk assessment questionnaires and Requests for Proposals (RFPs)
• Support in the review of client contracts and track internal contract requirements
• Assess potential privacy incidents and process Data Subject Access Requests (DSARs)
• Coordinate collection and organization of evidence for internal and external audits (SOC2, ISO 27001, ISO 27701, ISO 42001)
• Assist with the review and improvement of GRC’s privacy and compliance initiatives

Benefits

• A comprehensive benefits package, including a 401K match