GRC Analyst (IC3) – Compliance
Contract (via Coyle Consulting)
Length - TBC
Location - TBC
The GRC Compliance Analyst will facilitate the completion of industry, regulatory, and customer audit requests to accurately reflect the security and compliance posture to current and potential customers. The analyst will work with the overall Global Security Team and internal business units to understand our security and continuity posture, collect supporting evidence, identify gaps in expectations/capabilities, and draft externally facing responses.
Duties and Responsibilities:
1. Facilitates ISO27001, SOC 2 Type II, and customer audits
2. Assists the Sales department in the completion of RFIs, RFPs, and customer security questionnaires
3. Communicates with other business units to determine applicability and scope of questionnaires
4. Assists with the build, implementation and maintenance of Global Security’s external compliance product/SaaS tool including AI upgrades, documentation, and daily management
5. Collaborates with Global Security and/or other internal business to collect supporting evidence
6. Facilitates customer audits, evidence gathering, finalizing responses, tracking remediation tasks, and audit close
7. Communicates gaps in processes/compliance requirements with Global Security Risk Team as necessary
8. Assists in reviewing customer/partner contracts for Information Security requirements
9. Collaborates with internal business units to provide evidence and/or information for internal and external audits
10. Ensures all Security policy and procedures are documented and updated according to Global Security standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository/system of record up to date as defined by the Global Security Governance program
Minimum Qualifications:
1. Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; equivalent combination of education and experience may be substituted in lieu of degree.
2. At least two (2) years of GRC (governance, risk, compliance) experience with methodologies, activities, tools and enablers in a technology related industry and five (5) – seven (7) years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience, required.
3. Ability to demonstrate a strong understanding of various compliance and regulatory areas (e.g. GDPR, SOC 2, DORA, ISO27001)
4. Excellent written and verbal communication skills.
5. Strong analytical and problem-solving skills.
6. Ability to work both independently and as part of a team to deliver quality work products in a timely fashion in a fast-paced environment.
7. Ability to multi-task and prioritize tasks.
8. The ability to work well with people from many different disciplines with varying degrees of technical experience.
9. The ability to adapt to a dynamic, rapidly changing business and technical environment.
10. Ability to exercise good professional judgment.
11. Ability to maintain confidentiality.
12. Ability to oversee all aspects of projects and manage projects through the entirety of the life cycle.
Preferences
1. Ability to develop security standards and guidelines based on best practices and industry standards.
Preferred Qualifications
1. Information security related training or certifications such as CISSP or CRISC
2. Experience performing information security audits or risk assessments
3. Familiarity with security auditing processes
4. Familiarity with the Digital Operations Resilience Act (DORA)
5. Familiarity with customer security questionnaires, RFIs and RFPs
#J-18808-Ljbffr