Governance, Risk and Compliance Analyst

Job Description

The Cybersecurity-Governance, Risk and Compliance Analyst will work very closely with the GRC Manager to oversee our ISO 27001 and SOC 2 Type II certifications and evaluate additional security frameworks. This role will also take part in addressing customer assessment questionnaires and audits, both pre/post-sales.

Mandatory Skills:

• Work together with GRC Manager to Manage and sustain the company's multiple security certifications.
• Continuously review the ISO 27001 Information Security Management System to ensure compliance and annual recertification eligibility.
• Conduct risk assessments, maintain the risk register, report on risk, and work with various internal teams to mitigate risks across the organization.
• Proactively identify areas for improvement within the security program and lead efforts to address and remediate these areas.
• Manage the company’s vendor risk management program.
• Ensure organizational readiness for external audits.
• Manage pre- and post-sales customer assessment questionnaires and customer audits.
• Maintain comprehensive information security documentation, including policies, procedures, standards, guidelines, and diagrams.
• Recommend and implement policy and procedure changes in response to evolving security landscapes.
• Collaborate with various teams to integrate compliance and risk management processes into daily operations.
• Understand the role of systems and technology within the firm and their value to the business.
• Work with IT and business units to implement effective cybersecurity measures and integrate security practices into business processes.
• Assisting with data governance activities, producing data flow diagrams, and guiding information rights management/protection.
• Market the security program externally putting together collateral to speak to the robustness of the program.

Experience & Qualifications

• Computer Science Degree or substantial equivalent experience
• Experience with implementing and maintaining ISO 27001 program
• Experience with Third Party Security Assessment
• Experience with Customer Questionnaire and assessments
• Relevant industry certifications
• Experience working with IT and Security leadership to define & articulate security strategies and program plans.

Overall IT/Security Experience: 4 years

Role Specific Experience: 2 years

Who You Are…

Only those that possess the below qualities should apply, maintaining the status quo is not good enough, we are a team of people who are never done, we always strive to improve.

• Team Collaborator: Work across internal and external teams of all levels to proactively support the business
• Outcome driven: Pursue impactful initiatives that move the needle on SOC operational effectiveness
• Effective Communicator: Delivers complex information in a confident and convincing manner, appropriate to a diverse audience.
• Inquisitive: A propensity to find out why something is the way it is, look under the covers, see if it can be improved.
• Analytical: Gather data from multiple sources, find areas of weakness or risk and come up with solutions