GRC Analyst
Location: Remote
Duration: Long Term Contract
Requirement:
Support the execution of the Governance, Risk and Compliance Program.
Achieve objectives through the proactive evaluation and enhancement of the compliance program activities and controls that prevent or mitigate the impact of compliance risk manifestation.
Execute strategies that support the continued maturity of the SOX ITGC program by managing process/ control reviews, detailed testing of IT controls to ensure risks are appropriately identified, associated audit procedures are applied, related controls are designed and operating effectively, and recommend mitigation of identified risks.
Create and maintain IT process and controls documentation to support regulatory and contractual requirements (risk control matrix, process flowcharts, controls mapping, test procedures, key application process documents).
Assist in the maintenance of the security policy framework and relevant standards, monitoring applicable security, contractual and compliance requirements (e.g. CoBIT, ISO27001, GDPR, NIST, DPAs and local privacy laws) through strategy execution, controls definition and assessment, and process performance.
Report on compliance level and risk mitigation activities.
Support audit requests by external auditors and clients; review and validate appropriate evidence; ensure evidence submission meets deadlines.
Other duties as assigned.
Requirements:
Bachelor's Degree in a business-related field and/or equivalent years of education and experience working in a related field.
3+ years of experience / relevant work experience in IT Compliance, Information Security, Information Technology, Management Information Systems, Risk Management.
Experience with IT auditing and controls, gap analysis, IT risk management (3+ years).
Experience with testing SOX IT General Controls as well as application control concepts.
Strong knowledge of IT processes (change management, logical access, application controls, computer operations, security).
Experience with risk assessments.
Knowledge of IT governance policies and standards.
Strong knowledge of CoBIT, NIST, PCI-DSS, SOC, GDPR, ISO 9001, ISO 27001.
Skilled in information security risk programs, security policies & standards development and maintenance.
Strong analytical skills with the ability to identify issues and connect the dots across multiple process areas.
Proficient in process flow mapping and control documentation.
Familiarity with GRC management tool (i.e. LogicGate).
Strong written and verbal communication skills with the ability to engage and partner confidently with stakeholders across the organization.
Solid project management and organization skills and able to work effectively in a team.
Proficiency in Microsoft Office tools; especially in Excel to compile and manipulate raw data to analyze compliance to requirements.
Ability to prioritize multiple tasks in a deadline driven, dynamic environment.
Data analytic skills (a plus).