Governance, Risk & Compliance Analyst I

Description

Job Summary: The Governance, Risk, & Compliance Analyst I will assist the team in the completion of audits, identification and reporting of all security issues, prioritizing threats, and confirming threats have been mitigated in accordance with company standards. This position will assist the Chief Information Security Officer and the GRC Team Lead in processing documentation, facilitation, remediation planning, risk management, and systems implementation coordination to meet the audit, control, and compliance requirements. Additionally, they will be training others on security best practices and ensuring all security and policy training is updates and completed by all staff. GSI is a highly dynamic environment and as such the successful employee will adequately manage competing priorities in a growing department. GRC analysts ensure that the organization is adequately aligning with the information security frameworks.

Key Responsibilities

• Audit Support: Collaborate with internal and external audit and operational teams, providing documentation and evidence to demonstrate compliance and adherence to governance standards
• Risk Assessment: Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization’s operations and platform
• Compliance Monitoring: Monitor and track regulatory changes, ensuring compliance with all relevant laws, standards, and industry regulations. Serve as the lead for one audit coordinating the gathering and submission of evidence/documentation to achieve or maintain certification status for GSI
• Policy Development: Assist in developing, implementing, and revising corporate policies, plans, procedures, and standards to align with best practices and compliance requirements. Also assist in SSP creation and updates as changes happen to regulatory requirements
  
  

Requirements

Work Experience / Knowledge:

• Knowledge of Industry Standards, e.g., ISO 17799/27001, FISMA/FedRAMP/StateRAMP, NIST Publications, and other Industry Related Security Standards
• Experience managing multiple competing priorities in a fast-paced SaaS environment
• Experience managing third-party security services, application vendors, evaluate new vendors and services
  
  

Qualifications / Certifications

• Bachelor’s Degree or equivalent combination of education and experience
• Industry certifications such as GRCP, CRCMP, or CCEP are strongly preferred
• Strong understanding of fundamental information security concepts and technology
• Ability to excel in a fast paced and rapidly changing environment
• Strong work ethic with attention to detail
• Excellent communication and interpersonal skills to work effectively with cross-functional teams and external stakeholders
• Detail-oriented with a commitment to maintaining the highest standards of integrity and ethics
• Strong organizational skills and the ability to prioritize and manage multiple tasks efficiently
• Adaptability and the capability to stay current with evolving regulations and industry trends
  
  

Special Requirements

• May also be assigned various projects and tasks as needed
• Hours: Day shift. Evening and weekend hours may be required
  
  

Equal Opportunity Employer. M/F/D/V