Governance and Compliance Analyst

Join to apply for the Governance and Compliance Analyst role at Elsevier.

Are you looking to utilize your compliance and governance expertise as a key member of our GRC team?

We are seeking an experienced Governance, Risk, and Compliance (GRC) Analyst to develop and implement our cybersecurity governance program and ensure compliance with information security standards and frameworks. The successful candidate will have a strong understanding of cybersecurity frameworks, risk management, and compliance standards, collaborating with cross-functional teams to align with business objectives and regulatory requirements.

This diverse team ensures adherence to GRC policies and maintains necessary protections.

• Design, implement, and maintain a cybersecurity governance framework aligned with industry best practices (e.g., ISO 27001, NIST, COBIT).
• Create, review, and update cybersecurity policies and procedures to ensure legal and regulatory compliance.
• Monitor compliance and prepare for audits and assessments.
• Establish enterprise-level security governance structures, roles, and responsibilities, with periodic reviews.
• Collaborate with IT, legal, and business units to integrate cybersecurity governance into overall processes.
• Drive certification efforts (ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 42001, FedRamp, StateRamp, TX Ramp, HIPAA, PCI, etc.) and report on risk initiatives to stakeholders.
• Resolve cybersecurity GRC issues.
• Act as a trusted advisor to stakeholders, aligning security goals across the enterprise.

• Experience designing and maintaining cybersecurity governance frameworks per industry standards.
• Experience creating and updating cybersecurity policies ensuring compliance.
• Experience with cybersecurity frameworks like ISO 27001, NIST, COBIT, and regulatory compliance.
• Experience managing enterprise GRC programs and defining controls related to compliance.
• Ability to develop and implement security programs.
• Strong problem-solving skills, leadership, and ability to troubleshoot complex issues.
• Excellent communication and stakeholder management skills.

• CISSP
• CISM
• CISA

We promote work/life balance with flexible hours, wellbeing initiatives, parental leave, study support, and sabbaticals.

• Medical, dental, vision coverage
• 401(k) with match and Employee Share Purchase Plan
• Wellbeing programs, Headspace subscription, Employee Assistance
• Disability, life, critical illness insurance
• Family benefits, including parental leave and adoption support
• Spending accounts and paid volunteer days

We are a global leader in information and analytics, supporting science and healthcare advancements. Our work contributes to societal challenges and sustainability, leveraging innovative technologies to improve health and research outcomes.

Elsevier is an equal opportunity employer. We ensure a fair hiring process and provide accommodations for applicants with disabilities. For support, contact us via the provided forms or phone number.

• Seniority level: Mid-Senior level
• Employment type: Full-time
• Job function: Legal
• Industries: IT Services and IT Consulting