GRC Analyst

About The Position

Requirements

• BS/BA Degree and 2+ years of experience in GRC, Risk Management, Compliance, or a similar role, or 3 years experience in lieu of degree.
• Experience with audit frameworks and standards, SOC, ISO, NIST, or similar.
• Knowledge of GRC frameworks, risk management methodologies, and compliance standards.

Responsibilities

• Support the development and maintenance of GRC frameworks, including policies, standards, and procedures.
• Assist in establishing and maintaining the company's control framework to meet industry standards and regulatory requirements.
• Participate in the company's internal audit program, collecting, analyzing, and categorizing evidence.
• Conduct regular risk assessments to identify, evaluate, and manage risks.
• Assist in coordinating internal and external audits and assessments such as SOC 1, SOC 2, NIST 800-53, and ISO 9001 QMS.
• Monitor risk mitigation efforts and report on key risk indicators.
• Ensure compliance with relevant regulatory requirements and standards including NIST SP 800-53, GLBA, PCI-DSS, and CCPA.
• Contribute to the development of GRC training workshops and policy briefs.
• Support internal and external audits by collecting and reviewing artifacts and evidence.
• Stay current with industry trends, regulatory updates, and best practices to improve GRC processes.
• Identify opportunities for improvement to GRC tools, processes, and functions.