Security Governance, Risk & Compliance Analyst

Orion, Lehi, UT
Posted 1 day ago | $87,448 - $133,873 | Hybrid

About The Position

As a Security Governance, Risk & Compliance Analyst, you will support the Security and Governance department by maintaining and enforcing security and privacy policies, ensuring that they meet regulatory compliance requirements. As we continue to evolve and live our Orion values, we are looking for someone to grow with us.

For internal and external candidates: candidates must work in-office at the following location for at least 3 days per week: Lehi, UT.

The duties of the role are listed under Responsibilities below.

Requirements

  • 5 years of experience in Information Technology, with at least 3 years in Information Security, required
  • Knowledge of security frameworks and compliance regulations (ISO, SOC, NIST, GDPR, CCPA)
  • Ability to work with various departments to develop controls and procedures that meet the security and regulatory requirements of the organization
  • Knowledge of enterprise security programs and the ability to support business needs while balancing them with security and regulatory requirements
  • One of the following certifications, or the ability to obtain one within twelve months: CISSP, CCSP, CISA, CISM
  • Ability to interface and collaborate with all areas of the organization
  • Ability to own and manage relationships with stakeholders directly and to work effectively with people at all levels of an organization

Responsibilities

  • Assist the Deputy Information Security Officer with policy enforcement and procedures review throughout the organization, including general security policies, manuals, and associated exception processes.
  • Manage the Information Security Management System (ISMS) policy; review it and make updates as appropriate.
  • Perform and maintain records of the review processes contained therein to achieve ISO 27001 compliance.
  • Assist in the development and maintenance of any information security policies ancillary to the ISMS.
  • Ensure Information Security SOC Controls are effectively managed and completed appropriately.
  • Complete due diligence requests from both internal and external sources.
  • Manage SaaS solutions utilized by the GRC team.
  • Perform information security risk assessments on third-party partners (e.g. vendors, suppliers).
  • Participate in all information security audit initiatives (e.g. ISO, SOC).
  • Assist in enterprise-wide regulatory compliance initiatives.
  • Engage business units to ensure governance and compliance policies and practices are followed and documented.
  • Assist in the development, maintenance, and use of organizational-level security frameworks for incident response, business continuity and disaster recovery.
  • Support the GRC program and promote a culture of security awareness throughout the organization.

Benefits

  • Health, dental, vision, and disability coverage on day one
  • 401(k) plan with employer match
  • Paid parental leave
  • Pet benefits including pawternity leave and pet insurance
  • Student loan repayment
© 2024 Teal Labs, Inc