Governance and Compliance Analyst

Elsevier

Atlanta (GA)

On-site

USD 80,000 - 100,000

Full time

30+ days ago

Job summary

An established industry player is seeking a GRC Analyst to enhance their cybersecurity governance program. In this pivotal role, you will lead the design and implementation of a comprehensive governance framework, ensuring compliance with critical cybersecurity standards. Collaborating with cross-functional teams, you will drive security initiatives, manage compliance frameworks, and serve as a trusted advisor to stakeholders. This is an exciting opportunity to make a significant impact in a dynamic environment where your expertise will shape the future of cybersecurity governance.

Qualifications

  • Experience in designing and implementing cybersecurity governance frameworks.
  • Strong background in compliance with laws and regulations.

Responsibilities

  • Design and maintain a cybersecurity governance framework aligned with best practices.
  • Monitor compliance and prepare for audits and assessments.

Skills

Cybersecurity Governance
Risk Management
Compliance Standards
Problem-Solving
Communication Skills

Tools

ISO 27001
NIST
COBIT
FedRAMP
HIPAA
PCI

Job description

Are you looking to utilize your compliance and governance expertise as a critical member of our GRC team?

About the role: We are seeking an experienced Governance, Risk, and Compliance (GRC) Analyst to lead the development and implementation of our cybersecurity governance program and maintain compliance with our information security standards and frameworks. The successful candidate will have a deep understanding of cybersecurity frameworks, risk management, and compliance standards, and will work collaboratively with cross-functional teams to ensure alignment with business objectives and regulatory requirements.

About the team: This diverse team ensures that the GRC policy landscape is adhered to and that all necessary protections are in place.

Key Responsibilities:

  1. Designing, implementing, and maintaining a comprehensive cybersecurity governance framework that aligns with industry best practices (e.g., ISO 27001, NIST, COBIT).
  2. Creating, reviewing, and updating cybersecurity policies and procedures to ensure compliance with applicable laws and regulations.
  3. Monitoring compliance with internal policies and external regulations and preparing for audits and assessments.
  4. Establishing an enterprise-level security governance structure, charters, participants and roles, and performing periodic role reviews to ensure appropriate accountability is maintained.
  5. Working closely with IT, legal, and business units to ensure cybersecurity governance initiatives are integrated into overall business processes.
  6. Driving security-related certification efforts such as ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 42001, FedRAMP, StateRAMP, TX-RAMP, HIPAA, PCI, etc.
  7. Generating regular reporting including KPIs, metrics and SLAs reporting, executive reporting, and other ad hoc reporting as required by management.
  8. Resolving cybersecurity GRC issues.
  9. Serving as a trusted advisor to the business and technology stakeholders across the enterprise to partner on security issues and stay aligned on common goals.

Requirements:

  1. Experience designing, implementing, and maintaining a comprehensive cybersecurity governance framework that aligns with industry best practices (e.g., ISO 27001, NIST, COBIT).
  2. Experience creating, reviewing and updating cybersecurity policies and procedures to ensure compliance with applicable laws and regulations.
  3. Experience implementing cybersecurity and compliance-related frameworks such as ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 42001, FedRAMP, StateRAMP, TX-RAMP, HIPAA, PCI, etc.
  4. Experience managing an enterprise cybersecurity GRC program. Experience in defining cybersecurity controls, particularly related to regulatory, legislative, and industry specific compliance requirements.
  5. Ability to develop and implement security programs.
  6. Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues.
  7. Advanced communication (verbal and written) and customer service skills. Strong interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management.