GRC Business Analyst

isgSearch

Toronto

On-site

CAD 100,000 - 125,000

Full time

30+ days ago

Job summary

An established industry player is seeking a Senior GRC Business Analyst to enhance compliance processes and policies. This pivotal role involves ensuring adherence to various industry regulations and frameworks, while also facilitating risk assessments and compliance metrics. The ideal candidate will possess extensive experience in risk management and compliance, along with strong analytical and communication skills. Join a forward-thinking team where your expertise will contribute to maintaining high standards of governance and risk management, ensuring the organization remains at the forefront of compliance excellence.

Qualifications

  • 6+ years of risk and compliance experience required.
  • Proven ability to document risk methodologies and maintain registers.

Responsibilities

  • Ensure compliance with regulatory and legal requirements.
  • Conduct periodic compliance risk assessments and provide metrics.

Skills

Risk Analysis
Compliance Management
Problem Solving
Communication Skills
Attention to Detail
Project Management

Education

Bachelor’s Degree in a related field

Tools

Governance, Risk, and Compliance Software

Job description

GRC Business Analyst (BBBH10934) Toronto, Canada

Our Senior GRC Business Analyst will focus on facilitating the review, development, implementation, and documentation of policies and processes, guiding towards continuous compliance with industry laws, regulations, and frameworks (e.g., SOC1, SOC2, HITRUST, ISO 9001, ISO 20000, ISO 22301, ISO 27001, GDPR).

Responsibilities:

  • Directly responsible for procedures and controls to ensure compliance with applicable regulatory and legal requirements, as well as good business practices.
  • Reviews business processes for overall effectiveness, articulates risks, and assesses adequacy of mitigation protocol associated with the internal controls system.
  • Participates in data collection, validation, and reporting as part of regular compliance activities.
  • Keeps well-informed of and analyzes new and pending laws and regulations, providing technical support and guidance to affected business units.
  • Researches and develops the steps needed to test and/or monitor compliance requirements with applicable policies and procedures, in conjunction with defined and pending laws and regulations.
  • Assists with fulfillment of security and quality related customer and vendor questionnaires and surveys as needed.
  • Manages attestation of compliance requirements, with ability to interface and coordinate activities with external audit resources, as necessary.
  • Provides regulatory subject matter expertise in compliance framework, solutions and requirements that are currently or reasonably expected to be used as part of solutions and services provided by their assigned business unit.
  • Ensures compliance with corporate security program, policies, standards, and guidelines.
  • Provides periodic compliance risk assessments, highlighting priority issues and suggested corrective actions.
  • Assists with various deliverables associated with change management and other process excellence initiatives.
  • Defines and delivers appropriate IT compliance metrics, analytics, and scorecards/dashboards.

Qualifications:

  • Bachelor’s Degree (or higher) in a related field preferred (or equivalent experience)
  • 6+ years of risk and compliance related experience
  • 6+ years of technology management related compliance experience
  • History of documenting risk methodologies, maintaining risk registers, and initiating risk assessments for applicable environments.
  • Proven ability to identify, generate, and maintain metrics used to demonstrate relative risk and justify program growth expectations.
  • Knowledge of the latest information security standards, privacy laws, and regulations to ensure compliance both with internal security policies and external compliance requirements.
  • Experience using governance, risk, and compliance software is a plus.
  • Astute attention to detail is essential.
  • Successful track record of working with technical internal customers both independently and concurrently to achieve business goals and meet requirements.
  • Ability to effectively communicate compliance status and risks to the Director of Governance, Risk and Compliance, in business terms, and to applicable stakeholders.
  • Articulates the value of security controls and their potential business impacts.
  • Advanced presentation, program management, and relationship management skills.
  • Strong risk analysis, customer service, problem solving, and consulting skills.
  • Professional with ability to properly handle confidential information.
  • Ability to prioritize and handle multiple tasks concurrently to meet deadlines.
  • Ability to work within a matrix organization.
  • Excellent written and verbal communication skills.