Senior GRC Analyst

About The Position

Requirements

• Proven experience in IT governance and policy development.
• Proven experience in implementing ISO 27001 and SOC 2 standards.
• Advanced knowledge of ISO 27001, SOC 2 Type 2, ITIL, and COBIT.
• Experience with internal and external security audits.
• Ability to structure risk management and regulatory compliance processes.
• Capability to map and implement continuous improvements in IT operational processes.
• Experience in defining and monitoring governance and security KPIs.

Nice To Haves

• Certifications such as ISO 27001 Lead Implementer/Auditor, CISM, CRISC, CISSP.
• Experience in the Cloud Computing or Technology industry.

Responsibilities

• Structure and implement IT governance processes, aligned with ISO 27001 and SOC 2 Type 2 standards.
• Define, review, and ensure compliance with information security and governance policies.
• Implement and monitor internal controls and audits to mitigate technology risks.
• Support the development of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).
• Define and track governance and information security KPIs.
• Collaborate with the Cybersecurity team to ensure regulatory compliance and mitigate cybersecurity risks.
• Support external audits and work on remediation of identified deficiencies.
• Ensure processes comply with data privacy regulations (GDPR, if applicable).
• Implement change management practices to ensure all system and process modifications are properly documented and approved.

Benefits

• Competitive salary and performance-based bonuses.
• Health, dental, and vision insurance.
• Professional development opportunities (training, certifications, conferences).
• A collaborative culture that values innovation and growth.