GRC Analyst

Position Summary

The Governance, Risk, and Compliance Analyst is responsible for the tactical duties involved with an increasing number of audits, internal compliance checks and external assessment processes from customers and external auditors relating to effective security practices, ISO 27001/2, and SOC 2. The purpose of this position is to provide cyber security information in response to customer questionnaires, RFPs, as well as external audits. The GRC Analyst will work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the organization in its best light. Provide guidance, evaluation, and advocacy on audit responses. 

This role asks for candidates to be located in the Eastern Time Zone. 

Key Reponsibilities

• Fill out standardized security questionnaires based on existing policies and procedures.
• Keep Trust Center updated with current documentation, policies, and procedures.
• Perform compliance checks to ensure the rules are being followed. Execute the organization-wide information security compliance program, ensuring IT and product activities, processes, and procedures meet defined requirements, policies, and regulations.
• Assist in the develop and implementation of effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation and alignment with business objectives.
• Manage and maintain a registry of cyber security risks.
• Work with customers, external auditors, and outside consultants as appropriate on required security assessments and audits.
• Coordinate and track all information technology and security related audits including scope of audits, parties involved, timelines, auditing agencies and outcomes.
• Assist in the development and implementation of Business Continuity Planning and testing.

Skills and Experience Needed:

• Bachelor’s degree in Information Technology or other related field.
• 2+ years of IT experience with a high level of information security experience and expertise.
• Knowledge of securing network technologies, client, and server operating systems.
• Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
• Basic understanding of common security and privacy standards, regulations, and laws relating to a cloud software development company (e.g., SOC 2, ISO 27001/2, ISO 27701, GDPR).