Governance, Risk & Compliance Analyst

GENERAL JOB DESCRIPTION

The Governance, Risk, and Compliance (GRC) Analyst will be responsible for supporting the development, implementation, and maintenance of the organization's governance and risk management programs, with a specific focus on third-party risk management and technology risk. This role involves assessing risks associated with third-party vendors and technology systems, ensuring timely remediation, and promoting a culture of risk awareness throughout the organization.

MAJOR DUTIES AND RESPONSIBILITIES

• Governance:
• Assist in the development and implementation of governance frameworks and policies related to third-party and technology risk.
• Collaborate with various departments to ensure alignment with security governance standards and risk management practices.
• Monitor and report on security governance activities and compliance with policies.
• Assist in the development of training programs to promote awareness of governance policies, cybersecurity and risk management.
• Third-Party Risk Management:
• Evaluate and assess the risks associated with third-party vendors and service providers, focusing on their technology and data handling practices.
• Develop and implement third-party risk assessment processes and tools to identify and mitigate risks.
• Monitor third-party compliance with contractual obligations, regulatory requirements, and security standards.
• Technology Risk Management:
• Identify and assess risks related to the organization’s technology infrastructure, applications, and data management.
• Collaborate with IT and security teams to develop and implement technology risk mitigation strategies.
• Work with key stakeholders on maintaining and improving an effective enterprise risk register.
• Collaboration:
• Work closely with IT, legal, facilities, procurement, and compliance departments to ensure a cohesive approach to security governance, third-party risk, and technology risk management.
• Participate in cross-functional teams to address GRC-related issues.
  
  

Experience/Credentials

• Bachelor’s degree in Business Administration, Information Technology, Risk Management, or related field or equivalent experience.
• 3 years of experience in governance, risk management, compliance, third-party risk management, or technology risk management.
• Knowledge of relevant regulations and standards (e.g., SEC, HIPAA, ISO 27001).
• Relevant certifications (e.g., Sec , CC, CGRC, CISA, CRISC, or similar) are a plus.
  
  

COMPETENCIES

• Ability to work in a dynamic and fast-paced environment.
• Maintains absolute confidentiality of client information and safeguards client and company data; maintains high ethical standard in all practices.
• Eager to learn and advance in the cybersecurity and GRC fields.
• Strong communication skills, both written and verbal, to convey complex technical concepts to both technical and non-technical stakeholders.
• Self-motivated; able to work with minimal supervision.
• Knowledge of core business-enabling technology concepts (e.g. SaaS, Servers, Networks, Computers, Applications).
• Strong analytical skills to understand the ramifications of answers in questionnaires.
• Understanding of cybersecurity best practices and regulatory compliance.
  
  

FEATURED BENEFITS:

• Discretionary Bonus
• Medical Insurance
• Dental Insurance
• Vision Insurance
• 401(k)
• Health Savings Account
• Paid Maternity Leave
• Paid Parental Leave
• Tuition Reimbursement