The IT Governance, Risk, and Compliance (GRC) Analyst will assist with maturing the IT GRC function by supporting the assessment and mitigation of key risks in our client's environment. The person in this role will work closely with individuals across the organization to understand business needs and recommend and implement new or enhanced requirements/controls. This role resides within the IT Governance team.
Key responsibilities include:
Governance Management
· Deliver training that meets compliance needs and educates users on policies, risks and best practices (New Hire Orientation, Privilege User Access, Annual Security trainings and Cybersecurity Awareness Month activities)
· Develop/update new and existing IT policies and procedures
· Assist with implementing and communicating IT policies and procedures
· Support and enhance IT policies and processes for data security and privacy
Risk Management
· Perform IT risk assessments and recommend risk mitigation strategies
· Assist with development and management of insider threat risk mitigation controls
· Assist with legal hold, eDiscovery, and inter-department data security investigations
· Assist with maturing and managing third-party risk assessments
· Identify recurring problems and risks and recommend proactive measures to eliminate them
Compliance Management
· Perform annual maintenance and audit of the NIST Cybersecurity Framework (NIST CSF) across the organization
· Assist with implementing controls consistent with NIST CSF
· Maintain awareness of laws, rules, and regulations governing IT risk, compliance, audit, privacy, and security in the environment
· Incorporate global privacy laws and regulations (e.g. GDPR) for the markets in which our client operates
· Provide assistance with regulatory and risk management activities across IT functional areas
· Work with IT and business teams to ensure systems and application compliance
· Assist with IT SOX Audit
Additional Activities
· Contribute to creation and maintenance of the evolving GRC roadmap
· Use market research, stakeholder feedback, and analytic data to understand business needs and identify new requirements
· Remain current on emerging security and privacy risks (current and upcoming privacy legislation), trends, and technologies and share key findings with team
· Implement and mature GRC software
· Support projects focusing on control processes, documentation, and compliance routine
Building blocks for success
Required:
· 3+ years of experience in IT GRC, IT security, privacy and/or IT audit role
· Experience with GRC tools/software
· Experience working with the NIST CSF, the HIPAA Privacy and Security Rules, GDPR, and other international and US state privacy laws
· Experience with reporting and presentation tools (e.g. MS Excel, MS PowerPoint and others)
Preferred:
· Bachelor’s degree in Information Security, Risk Management, Business or a related field
· Professional certification(s) related to information security or information risk management (e.g. CISA, CRISC, CIPP/US/EU) or ability to acquire within 12 months of employment
· Experience in producing efficiency through security control consolidation and mapping across various standards and frameworks
· Experience in designing security controls that span multiple standards and frameworks
· Strong understanding of eDiscovery searching capability
· Meticulous attention to detail and accuracy
· Excellent analytical, problem-solving and decision-making skills
· Ability to present and work with all levels of management
· Ability to handle complex issues
· Effective communication, presentation, negotiation and influencing skills
· Ability to build relationships with cross-functional teams across organizational and cultural boundaries to achieve policy and process compliance
· Ability to balance competing priorities with little management direction/support
· Self-led learner
· Ability to work independently in a fast-paced environment and manage a fluid workload
· Show tact, discretion, confidentiality, and good judgement in handling sensitive and confidential matters and documentation
· Strong adaptability to shifting corporate and regulatory environments
· General knowledge of global privacy standards
· General risk management and information security knowledge
· Understanding of technical and organizational security vulnerabilities, threats and risks
· Experience applying controls in a cloud environment
This is a full-time opportunity with an excellent compensation and benefits package. The salary range for this position is $100,000-$145,000 per year.