Governance Risk and Compliance

Nordic Global

United States

Remote

USD 70,000 - 75,000

Full time

3 days ago

Job summary

A leading company in IT Services seeks an experienced Information Security Governance, Risk, and Compliance Analyst to enhance security controls and compliance processes. You will collaborate with internal and external stakeholders to ensure adherence to regulatory standards and track remediation for security incidents. The role calls for a candidate with a strong background in information technology and proven experience in governance and compliance across multiple frameworks.

Qualifications

  • 8+ years of experience in Governance, Risk, and Compliance.
  • Strong understanding of regulatory frameworks like HITRUST, ISO, NIST, HIPAA, GDPR.
  • Effective communication and interpersonal skills.

Responsibilities

  • Implements security controls and risk assessment frameworks.
  • Evaluates, develops, and manages security standards and controls.
  • Documents and reports control failures and remediation activities.

Skills

AuditBoard proficiency
Information security management
Governance and compliance principles
Cybersecurity standards
Analytical skills
Problem-solving skills
Communication skills

Education

Bachelor's degree in Computer Science, Cybersecurity or related field

Job description

The Information Security Governance, Risk, and Compliance (GRC) Analyst coordinates and performs Nordic’s security assessment functions and control testing, reporting, and activities in accordance with Nordic’s internal compliance, regulatory, and departmental policies and procedures. The GRC analyst maintains control metrics and provides recommendations for management’s consideration. This position ensures compliance with Nordic’s internal controls, regulatory and information security policies and procedures. The GRC analyst works with internal audit, external audit firms, and regulatory agencies to provide supporting documentation as applicable. The GRC analyst plays a supporting role in ensuring the security of all protected information collected, used, maintained, or released by Nordic.

RESPONSIBILITIES

The GRC analyst responsibilities will include, but are not limited to:

  • Implements security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances Nordic’s business objectives.
  • Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves Nordic’s security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
  • Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, and testing. Develops reporting metrics, dashboards, and evidence artifacts.
  • Defines and documents business process responsibilities and ownership of the controls in the GRC tool.
  • Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data and Protected Health Information (PHI).
  • Performs and investigates internal and external information security risk and exception assessments. Assesses incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
  • Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities.
  • Assists other staff in the management and oversight of security program functions.
  • Remains current on best practices and technological advancements and acts as Nordic’s technical resource for security assessment and regulatory compliance.
  • Performs other related duties as assigned.

EXPERIENCE

  • Proficient in AuditBoard strongly preferred.
  • Applicable information security management, governance, and compliance principles, practices, laws, rules and regulations (HITRUST, ISO, NIST, SOC2, HIPAA, GDPR).
  • Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols.
  • Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.
  • Information systems auditing, monitoring, controlling, and assessment process.
  • Risk assessment and management methodology.
  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field required.
  • 8+ years of experience in Governance, Risk, and Compliance roles.
  • Certified in CISSP, CISM, or CGRC strongly preferred.
  • Proven experience securing one or more major cloud platforms (e.g., AWS, Azure, GCP).
  • Working knowledge of scripting languages (e.g., Python, PowerShell) for automating tasks.
  • Strong understanding of security principles and best practices (e.g., zero trust, least privilege).
  • Excellent analytical and problem-solving skills.
  • Meticulous attention to detail and accuracy.
  • Effective communication and interpersonal skills.
  • Ability to work independently and collaboratively within a team environment.

ADDITIONAL DETAILS

  • Position is remote
  • Ability to travel up to 10% of the time

Nordic is an equal opportunity employer. We are committed to creating an inclusive environment for all employees and applicants. We do not discriminate on the basis of race, color, religion, sex, national origin, age, disability, genetic information, marital or veteran status, or any other protected status under applicable federal, state, or local laws. We encourage individuals of all backgrounds to apply, including women, minorities, individuals with disabilities, and veterans.

  • Seniority level: Mid-Senior level
  • Employment type: Full-time
  • Job function: Information Technology
  • Industries: IT Services and IT Consulting
