GRC Analyst (IC3) – Compliance (6-Month Contract)
We are seeking a skilled GRC Compliance Analyst for a 6-month contract opportunity to support and enhance our organization's compliance and security initiatives. This role will focus on facilitating audits, responding to regulatory and customer requirements, and ensuring a robust compliance posture. You will collaborate with cross-functional teams to collect evidence, address gaps, and deliver high-quality responses that align with industry standards and customer expectations.
Key Responsibilities:
1. Facilitate ISO 27001, SOC 2 Type II, and customer audits.
2. Assist the Sales team with RFIs, RFPs, and customer security questionnaires.
3. Collaborate with business units to determine the scope and applicability of security inquiries.
4. Support the implementation and maintenance of external compliance tools, including upgrades and daily management.
5. Gather evidence and finalize audit responses while tracking remediation tasks to ensure successful audit closure.
6. Communicate gaps in processes or compliance requirements to the Risk Management Team.
7. Review customer and partner contracts for information security requirements.
8. Ensure security policies and procedures are documented, updated, and aligned with governance standards.
9. Act as a liaison between internal teams to provide evidence for internal and external audits.
Minimum Qualifications:
* Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field; equivalent experience may substitute for a degree.
* At least 2 years of experience in governance, risk, and compliance (GRC) in a technology-related industry and 5–7 years of experience in business process analysis or project methodology.
* Strong understanding of compliance and regulatory areas such as GDPR, SOC 2, DORA, and ISO 27001.
* Excellent written and verbal communication skills.
* Strong analytical and problem-solving abilities.
* Proven ability to multi-task, prioritize, and adapt in a fast-paced environment.
* Experience working effectively in cross-functional teams and dynamic settings.
Preferred Qualifications:
* Certifications such as CISSP or CRISC.
* Experience performing information security audits or risk assessments.
* Familiarity with customer security questionnaires, RFIs, RFPs, and security auditing processes.
* Knowledge of the Digital Operational Resilience Act (DORA).
* Experience developing security standards and guidelines based on industry best practices.