IT Governance Analyst

Post Date

Feb 14, 2024

Location

Sacramento, California

ZIP/Postal Code

95826
US
Sep 24, 2024 Insight Global

Job Type

Contract, Perm Possible

Category

Accounts Payable

Req #

SMF-683013

Pay Rate

$38 - $58 (hourly estimate)

Job Description

Description:
The governance analyst is in charge of ensuring that IT and Security policies, processes, technologies, and assessments are aligned with the governance, risk, and compliance (GRC) framework of the organization.
The analyst verifies compliance and adherence to the organization's IT policies and procedures and participates in activities related to the creation, implementation, compliance, and adherence of these policies and assessment activities. This position will also oversee the reporting, tracking and validation of IT Change Management procedures and Business Continuity and Disaster Recovery (BCDR) testing processes.
Some of the daily tasks:
- Report on IT GRC program and compliance with policies and regulations. Assess IT control environment against frameworks (e.g., NIST, ISO, SOC, COBIT, ITIL, SOX, CCPA/GDPR).
- Advise on GRC aspects of products, practices, and procedures. Coordinate and track IT audits, evidence, and remediation. Ensure IT documentation is updated. Respond to audit findings.
- Manage GRC platform and produce metrics, reports, and dashboards. Implement IT strategy for audits and compliance checks.
- Review system user access and follow up with approvals and submissions.
- Evaluate GRC program strengths and weaknesses in privacy, security, resiliency, and compliance.
- Support third-party risk assessments and remediation. Report and investigate violations of rules and standards.
- Work with auditors to keep audit scope and remediation in line. Maintain good relationships with audit entities.
- Plan and test business continuity/DR.
- Develop and deliver GRC training and guidance.
- Protect system confidentiality.

Required Skills & Experience

5 years in IT governance, compliance or risk
3 years of exposure to cybersecurity frameworks
3 years of experience auditing and governing policies and procedures
Findings management experience
Strong communication skills - meeting with stakeholders
Organizational skills
Capacity to understand legacy and progressive technology and security controls, along with their respective risks.
Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.

Nice to Have Skills & Experience

Project management background

Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.