GRC Analyst Posting

Job Title

Position Overview

GRC (Governance, Risk, Compliance) Analyst 

The GRC Analyst will collaborate with security and risk management process owners, internal auditors, external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving findings and IT related vulnerabilities and risks. This includes helping the team with the NIST Cybersecurity Framework and SOC 2 Compliance programs. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards, and other GRC activities, the GRC Analyst will also contribute to the transformation of the company’s IT compliance program.  

Responsibilities: 

• Manage annual IT testing for internal and external audits, risk assessments, and regulatory, legal, and policy compliance 

• Lead preparation for annual IT testing activities 

• Working with Communications teams on dissemination of compliance policies 

• Technical writing and documentation of security and risk controls 

• Conduct IT Compliance training sessions to prepare for IT assessments  

• Collaborate with leadership on compliance-related concerns and present findings and suggestions to them 

• Ensure prompt turnarounds by supporting internal and external audit requests 

• Inform others about IT issues and shortcomings to ensure that remedial action plans are in place 

• Make suggestions for repeatable, quantifiable, and long-lasting remediation programs, and follow up on action plans until they are completed 

• Develop IT documentation for IT internal controls in consultation with IT, including IT process narratives, process flows, and documented control actions 

• Establish and sustain governance tools for risk and compliance to support IT compliance activities 

• Ensure compliance with the IT frameworks by helping IT control owners implement and validate controls for the processes of access management, release management, change management, and vendor management 

• Collaborate with IT stakeholders on how to efficiently adhere to IT standards and proactively reduce risks and vulnerabilities 

Position Requirements:  

Bachelor's Degree or equivalent work experience such as five years' experience in audit, security, or risk management related position in $100M+ companies. 

Exceptional written and verbal communication skills. 

Strong knowledge of and experience using ServiceNow or other CMDB. 

Experience using Tenable and Microsoft Defender or other equivalent vulnerability management tools. 

Strong knowledge of and experience using Microsoft Purview or other IT asset and data compliance tools. 

Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy. 

Adept at data queries, report writing, and presenting findings. 

Team player and the ability to work with minimal supervision. 

Competencies: 

Execute Action Plan 

Demonstrate Good Judgement 

Innovate 

Deliver Compelling Communication 

Learn Continuously 

Work Shift