Vantage Data Centers Management Co - Aurora, CO
posted about 2 months ago
The GRC (Governance, Risk, and Compliance) Analyst at Vantage Data Centers plays a pivotal role in supporting the organization's information security management system (ISMS) and cybersecurity initiatives. This position is primarily remote within the U.S. and is responsible for leading the ISMS risk register, providing oversight on cyber risks and controls, and ensuring that the company's security environment is maintained and aligned with relevant standards. The GRC Analyst will engage in ongoing training and professional development to stay ahead of the latest security trends and technologies, while also supporting internal and external audits, conducting security investigations, and managing GRC programs and projects. In terms of risk management and ISMS support, the GRC Analyst will lead the ISMS risk register, ensuring that risks are identified, assessed, and mitigated effectively. They will provide oversight on cyber risks and the implementation of appropriate controls, supporting the ISMS program by ensuring compliance with relevant standards and conducting periodic gap assessments. The role also involves managing, supporting, and maintaining Vantage's security environment, acting as a contact for end users and individuals reporting cybersecurity issues, questions, or concerns, and supporting AI initiatives and governance. The GRC Analyst will manage GRC programs and projects as assigned, ensuring that objectives are met and risks are mitigated. They will maintain and run policies, procedures, standards, and the Confluence site for all documentation, ensuring accuracy and conducting annual reviews. Additionally, the role includes supporting internal and external audits by providing vital documentation and responding to audit inquiries, performing periodic gap assessments to validate compliance on an ongoing basis, and supporting the triage and investigation of security alerts to identify potential threats and take appropriate action. The GRC Analyst will also create documentation and presentations for leadership and partners on relevant topics and issues, contributing to the development and refinement of SOC (Security Operations Center) policies, procedures, and best practices. Continuous professional development is emphasized, with the expectation of engaging in ongoing training to stay ahead of the latest cybersecurity threats, vulnerabilities, trends, and technologies.