Governance, Risk and compliance- Analyst
SSC Technologies
Job Summary
The GRC Analyst supports Information Security Management System processes and SS&C’s ISO 27001 and SOC-2 certifications. This role involves contributing to IS policies, managing CAPA processes for audit findings, generating reports, handling client audit CAPA, and developing IS metrics. The analyst will also respond to security questionnaires, track remediation plans, maintain GRC tools like Archer and ServiceNow, coordinate client audits, and conduct Info Sec Risk Assessments.
Must Have
- Support Information Security Management System (ISMS) processes
- Support SS&C’s ISO 27001 and SOC-2 certifications
- Contribute to document IS Policies and SOPs
- Maintain Corrective and Preventive Actions (CAPA) process for audit findings
- Generate reports on CAPA items status
- Manage Client Audit CAPA
- Develop and implement IS metrics
- Respond to Security Questionnaires, RFI, and RFP
- Track and manage remediation plans for Internal and Client audits
- Maintain GRC tools like Archer and ServiceNow
- Coordinate Client Audits and Client PenTest audits
- Conduct Info Sec Risk Assessment
- Assist in the development and implementation of the ISMS program
- Contribute to implementation of ISO Program
- Perform ISMS Internal Audits as required
- Follow up with Auditee to implement identified CAP
- Effectively communicate and promote ISMS framework objectives
- Develop Information Security Audit related Metrics and Dashboards
- Effectively interact with multiple stakeholders
- Participate in Client Audits
- Apply quantitative and/or qualitative assessment methods
- Assist in facilitating creation, maintenance and tracking of ISMS standards
- Coordinate ongoing awareness and communication across the organization
Good to Have
- Certification in ISMS (ISO 27001)
- ISACA Certification like CISA
Job Description
GRC Analyst is responsible for supporting Information Security Management System processes and support SS&C’s ISO 27001 and SOC-2 certifications. With minimum 3 years’ experience in GRC domain. Further, this role supports:
ISMS Program
- Contribute to document IS Policies and SOPs
- Maintain CAPA (Corrective and Preventive Actions) process to remediate Audit findings
- Generate reports to provide status of CAPA items
- Manage Client Audit CAPA
- Able to develop and implement IS metrics
Respond to Security Questionnaires, RFI and RFP Tracking and managing remediation plans for Internal and Client audits Maintain GRC tools like Archer and ServiceNow Co-ordination of Client Audits and Client PenTest audits Be able to conduct Info Sec Risk Assessment
Responsibilities and Activities
- Assist in the development and implementation of the ISMS program
- Contribute to implementation of ISO Program
- Perform ISMS Internal Audits as required
- Follow up with Auditee to implement identified CAP and demonstrate improvement in Security processes.
- Effectively communicate and promote the objectives and processes involved in the ISMS framework.
- Develop Information Security Audit related Metrics and Dashboards
- Effectively interact with multiple stakeholders
- Participate in Client Audits
- Apply various quantitative and /or qualitative assessment methods to objectively evaluate achieved results
- Assist in facilitating creation, maintenance and tracking of ISMS standards and coordinating ongoing awareness, communication across the organization.
Required Knowledge & Skills
- Comprehensive knowledge of ISMS (ISO 27001) standards and policies;
- Good documentation Skills
- Good written and effective Communication skills
- Knowledge of Information Security Risk Management, risk mitigation, RTP
- Demonstrated ability to work effectively with teams to meet critical deadlines;
- Ability to effectively lead diverse and distributed teams in a collaborative manner;
- Analytical and interpretive skills;
- Ability to coach and mentor in situations where experience or expertise can be transferred to others;
- Ability to accept responsibility and accountability, and demonstrate a good sense of judgment;
- Comprehensive experience in GRC tool like Archer or ServiceNow;
- Organizational and time management skills;
- Project Management skills
- Skills in preparing documentation, and delivering professional presentations;
- Proficiency with standard business software tools required to carry out the range of roles (such as Microsoft Office, JIRA, Visio, and Project);
Educational Qualifications
- A Bachelor’s degree in Computer Science or Technical related degree;
- Minimum of five years progressively responsible and diversified experience in a complex and multi-disciplined organization, in the areas of Information Security and project management practices and processes;
- Certification in ISMS (ISO 27001) is desired
- ISACA Certification like CISA is desired.
11 Skills Required For This Role
Team Management
Ms Office
Timeline Management
Communication
Risk Management
Internal Audit
Risk Assessment
Risk Mitigation
Game Texts
Microsoft Office
Jira
Similar Jobs
Risk Management
Head of Risk, Brazil
1 day ago
Senior Consultant - Operational Resilience
1 day ago
Pricing & Risk Manager
1 day ago
Chief Actuary, Remote
1 day ago
Security GRC Manager
1 day ago
Senior Operational Risk Analyst - GCCA Remote
1 day ago
Senior Manager, Enterprise Risk Management
1 day ago
Risk & Trading Analyst II
1 day ago
AML Specialist
2 days ago
2026 Guardian Summer Intern, Underwriting
2 days ago
Finance & Legal
Director, CMC Regulatory Affairs
1 day ago
Anaplan Senior Associate
1 day ago
Senior Manager, Anaplan
1 day ago
Corporate Counsel
1 day ago
Senior Compliance Analyst, MiCA
1 day ago
Senior Manager, International Tax
1 day ago
Corporate Counsel
1 day ago
Finance Business Partner - OpEx
1 day ago
Finance and Accounts Executive
1 day ago
Director of Legal and Business Affairs
1 day ago