GRC Analyst (Regulatory Audits)

GRC Analyst (Regulatory Audits)

Job Description

As a GRC Analyst, you will support the risk management program and related processes across all aspects for the business. The GRC Analyst is responsible for assisting the Risk Manager with the day-to-day tasks of the risk management program, including compliance monitoring reviews and other key initiatives.

Responsibilities

• Coordinating and conducting periodic audits of internal controls, with a focus on regulated client industries, to ensure compliance.

Essential Functions

• Understand and maintain proficiency with NIST 800-171, NIST 800-53, NIST Cybersecurity Framework (CSF) and Service Organization Controls (SOC) 2 for Service Organizations: Trust Services Criteria including updates, organizational impacts, and practical use.
• Conduct internal control audits and monitoring of security controls, configuration standards, and procedures.
• Provide management with reporting results and metrics. Track remediation efforts and provide guidance regarding process and control gaps.
• Implement new processes and procedures to align with control frameworks.
• Perform recurring risk analysis on vendors, audit results, vulnerability testing and security assessments to identify security issues that could lead to compromised systems, loss of integrity, and/or disruption of availability.
• Assist with and participate in Security Policy, Business Continuity Plan, Disaster Recovery Plan, and Incident Response Plan updates, testing, remediation, and planning.
• Ensure the documents align with industry standards and business process changes.
• Interface with customers to prepare information request responses regarding our policies, procedures, compliance standards, environment, etc.
• Maintain control and risk registers and provide guidance to owners.
• Assist with the creation and administration of security awareness programs and educational efforts. Track employee compliance with issued programs.
• Compile data and prepare reports for management, security leadership team, and security team.
• Accurately maintain and comply with documentation, communication, time entry, and administrative procedures in a timely manner.

Qualifications

• Bachelor’s degree in business or technology related fields and three years’ experience in information security, risk management, audit, or compliance; or an equivalent combination of education and experience.

Required Skills

• Knowledge of basic cybersecurity principles