Cybersecurity, Governance, Risk, and Compliance Analyst

Kingland - Ames, IA

posted 5 months ago

Full-time - Mid Level
Ames, IA

About the position

The Cybersecurity, Governance, Risk, and Compliance (GRC) Analyst at Kingland is a pivotal role responsible for overseeing the security and privacy operations within the Security Office. This position requires a proactive approach to ensure that all security and data privacy best practices are adhered to across the organization. The Analyst will collaborate closely with the Chief Security Officer, various internal teams, and external auditors to maintain compliance with industry standards and regulations. This includes a thorough understanding of frameworks such as AICPA SOC 2 Type 2, ISO standards (27001, 27701, 22301, 27017, 27018), NIST 800-53, and CIS Benchmarks. The Analyst will conduct annual assessments using the Shared Assessment Framework to identify areas for improvement in Kingland's security and data privacy posture. They will also be responsible for managing the Privacy Policy and ensuring compliance with the EU-U.S. Data Privacy Framework. Engaging with Internal Audit and third-party auditors is a key responsibility, requiring coordination to ensure timely audits and compliance with contractual obligations. In addition, the Analyst will gather evidence from various tools such as AWS and Azure Active Directory for audits, respond to customer security assessments, and conduct third-party risk assessments to ensure vendor compliance. They will establish a maturity rating for the third-party risk management program and initiate Privacy Impact Assessments for new projects. The role also involves managing GRC-related tools and configurations, as well as overseeing individual rights management processes under GDPR.

Responsibilities

  • Advise on updates to security policies, standards, processes, and procedures related to Security and Privacy Compliance Policy.
  • Perform annual assessments using the Shared Assessment Framework to identify areas for improvement in security and data privacy posture.
  • Lead and assist with engagements with Internal Audit and third-party audits related to Security and Privacy matters.
  • Gather evidence from various Kingland tools for third-party audits.
  • Respond to Customer Security Assessments and inquiries to ensure compliance with Customer Requirements.
  • Conduct third-party risk assessments and vendor management to ensure compliance with defined policies and processes.
  • Establish a maturity rating of the third-party risk management program each year using the Vendor Risk Management Maturity Model.
  • Initiate and complete Privacy Impact Assessments for each project prior to deployment.
  • Manage configurations of GRC-related tooling such as ZenGRC and TrustArc.
  • Manage the individual rights management process under GDPR.

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or a related field.
  • 4 years of experience as a security analyst, information security analyst, or IT Support.
  • 4 years of experience in compliance programs including AICPA SOC 2 Type 2 and ISO standards.
  • 4 years of experience in audit principles, separation of duties, and lines of defense.

Benefits

  • Generous and flexible health and welfare benefits.
  • Wellness programs and lifestyle benefits.
  • Total rewards benefits designed to support team members.
  • Career development plans and growth opportunities.

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service