GRC Analyst to support IS GRC functions and support client audits, compliance certifications and other Information Security GRC related tasks.
This role reports to the Sr. Manager, Governance Risk & Compliance and will assist in the management of all aspects of corporate compliance and risk management, third-party vendor management, and operational monitoring to ensure that the organization's Information Security policies and procedures are implemented and well documented, and that compliance issues are identified and remediation plans formalized in a timely fashion.
Takes a lead role in the development and execution of the internal IT compliance testing program. This includes risk assessments, internal IT controls and compliance reviews, and remediation testing of issues identified during third-party assurance reviews or internal assessments.
Serves as company representative with clients and partners, responding to security questionnaires and managing audits.
Administers ongoing IT compliance monitoring and governance activities.
Advises internal business clients on the effectiveness of corrective action plans in the event of non-compliance or detected vulnerabilities in their environment.
Contributes to various project requests from functional teams to increase operational efficiency, strengthen the IT environment, and help meet the company's internal and external regulatory or compliance requirements.
Performs ad-hoc compliance requests or additional duties as assigned.
BS, BA in Information Technology, Computer Science or other related Business/Technology/Analytical studies
CISA or similar certification preferred
Prior experience conducting internal and external risk assessments; providing guidance to functional teams on the implementation, monitoring, and reporting of control processes, documentation, compliance measures, and/or remediation items; and implementing and enforcing policies and procedures
Experience with ISO 27000, SSAE16, PCI DSS, EI3PA, HIPAA, or similar
Experience interpreting industry and regulatory requirements and authoring supporting controls.
Experience performing third party assurance assessments
Excellent client relationship and customer service skills, with a clear client focus
Strong project management skills
High degree of independence and exceptional work ethic, with a team-player attitude and a solution-oriented mindset
Familiarity with core IT and Information Security Technologies
Exceptional interpersonal, written and oral communication skills
3+ years of experience in IT compliance, security, internal controls or risk management
Other (Travel, Attendance, Physical Requirements, Testing, Training):
Periodic travel may be required
In exchange for your expertise, HireRight offers an excellent employee benefit package which includes:
Paid Life/AD&D Insurance
Voluntary Life Insurance
Short & Long Term Disability
Flexible Spending Accounts
Generous Vacation and Sick Program
10 Paid Holidays
Education Assistance Program
Business Casual Attire
Generous Referral Program
Employee Discounts and Rewards
And much more!
*All resumes are held in confidence. Only candidates whose profiles closely match requirements will be contacted during this search.