Cybersecurity Jobs
- Application Security Engineer
- Chief Information Security Officer (CISO)
- Cloud Security Architect
- Cloud Security Engineer
- Cyber Risk Analyst
- Cybersecurity Engineer
- Data Privacy Officer
- Data Security Engineer
- Database Administrator (DBA)
- DevOps Engineer
- Forensics Analyst
- GRC Analyst
- Identity and Access Management Engineer
- Information Assurance Analyst
- Information Security Manager
- Information Security Officer
- Internet Analyst
- Intrusion Analyst
- IT Compliance Analyst
- IT Security Project Manager
- Network Engineer
- Network Security Analyst
- Network Security Engineer
- Networking Specialist
- Penetration Tester
- Risk Analyst
- Security Analyst
- Security Architect
- Security Compliance Analyst
- Security Engineer
- Senior IT Security Consultant
- Senior Network Engineer
- Software Developer
- Threat and Incident Manager
- Vulnerability Management Analyst
The GRC Analyst will collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving findings. This includes helping the team manage ISO27001 and SOC 2 Compliance programs. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001, PCI, SOX, and other GRC activities, the Principal GRC Analyst will also contribute to the transformation of the company’s IT compliance program.
Typical Duties and Responsibilities
- Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST standards
- Manage and support SOC 2 and global ISO 27001 audits
- Promote widespread implementation of ISO 27001 standards
- Maintain and monitor a central repository for audit evidence
- Inform the proper stakeholders of important concerns and hazards
- Work together with other stakeholders to link our corporate IT, procurement, and privacy departments with GRC objectives
- Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise
- Manage security standards, policies, and practices on an annual basis to make sure they meet corporate demands
- Assist the department in responding to inquiries from the business units about ongoing operational compliance
- Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
- Share information with managers to avoid surprises, draw attention to problems, and guarantee delivery on time
Education
- Bachelor’s degree in information cybersecurity, risk management, governance, or a related field
Required Skills and Experience
- 5+ years of direct experience in information security, with a main emphasis on risk and compliance
- 3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as handling audit responses
- Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO27001, SOC 2 , NIST, FedRamp, CMMC, PCI, GDPR, etc.)
- Knowledge of identity management standards, storage, and disaster recovery in the cloud
- Knowledge of GRC tool techniques and best practices (ZenGRC, OneTrust, Archer)
- Proven track record of organizing and carrying out several risk and compliance projects
- Ability to successfully manage third-party audits, compile evidence, and organize audit responses
- Keen attention to detail
- Effective written and verbal communication skills and the capability to communicate with cross-functional teams
- Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals
Preferred Qualifications
- ISO 27001 Lead Auditor, CISA, CISM, or CISSP, or are working toward certification