Location - Los Angeles, Denver or New York
Under the direction of Business Applications Management, the Governance, Risk, and Compliance Analyst (GRCA) will partner across corporate, operations, and technology teams to ensure governance compliance. This includes implementing tools and practices that enhance our processes for risk management, change management, disaster recovery, business continuity planning, controls assurance, and external auditor engagement. It also includes coordinating and performing security assessment functions, including internal audits, control testing, reporting, and other activities, in accordance with technology and governance policies and procedures. The GRCA is also responsible for ensuring that policies and procedures are well documented, regularly reviewed and approved, aligned to business need and value, and communicated throughout the organization. The GRCA will apply proven project management skills, communication skills, technical and problem-solving skills, process management and improvement skills, and knowledge of best practices.
Strategy & Planning
- Work closely with IT Management to establish repeatable practices and processes that maintain a balanced security, risk management, and compliance control framework, and socialize it across the company and its vendors to ensure compliance.
- Continuously review and modify technology and governance policies and procedures to improve compliance programs and processes.
Compliance and Audit Assessments
- Partner with appropriate business units to ensure that appropriate operational, technical, data privacy, and segregation of duties (SOD) controls are implemented and enforced.
- Conduct and/or manage remediation projects, compliance testing and monitoring of current and future governance obligations, on schedule, as stated in corporate policies and procedures.
- Conduct internal security reviews, risk assessments and compliance audits.
- Partner with technology departments to identify risks, test controls, and ensure that risk and security findings are reviewed and remediations are implemented.
- Collect, analyze, and prepare reports required for senior management, auditors, and other relevant stakeholders to communicate final results of assessments, including recommendations for business process, information system practices, and control improvements.
- Act as the focal point for internal/external auditor activities and assessments and drive accountability and efficiency across all technology departments.
- Develop and maintain policy, plans, and strategy in compliance with corporate governance regulations, policies, and standards.
- Document, investigate, and report compliance issues and incidents, where necessary.
- Liaise with relevant parties to commission activities relating to contingency planning, business continuity management, and IT disaster recovery.
- Other duties as assigned.
- 5+ years of combined experience in information security, GRC, BCP/DR, and risk management with at least 3 years’ experience developing and implementing security compliance programs.
- Hands-on security controls testing experience for business/web applications and corporate infrastructure systems.
- Strong knowledge of relevant control frameworks, risk management processes, networking concepts and protocols, and network security methodologies.
- Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are a plus.
- Familiarity working with and/or managing Governance, Risk, and Compliance (GRC) tools.
- Ability to work both independently and collaboratively with peers, across teams, and with management.
- Knowledge of cyber threats and vulnerabilities and specific operational impacts of cyber security lapses.
- Thorough understanding of project management principles and methodologies.
- Results oriented, high energy, and self-motivated.
- Very strong customer service orientation.
- Ability to present complex/technical situations in business-friendly and user-friendly language.
- Ability to work in a team-oriented, collaborative environment, as well as autonomously.
- Exceptional analytical, conceptual, and problem-solving abilities and keen attention to detail.
- Ability to handle multiple competing priorities and prioritize and execute tasks in a high-pressure environment.