Job Description:
Security Governance, Risk, Compliance (GRC) Analyst
Reporting to the Director Information Security, Governance, Risk, and Compliance, the GRC analyst will contribute to the development and operational execution of the program, including risk management and compliance with standards and regulations such as ISO 27001 and EU GDPR.
Responsibilities
Support the GRC operating model and the service-oriented customer engagement model
Support GRC capabilities, such as enterprise security risk management, compliance and audit management, policy management, security awareness training, third party risk management, and metrics and reporting
Assist in managing security compliance programs and activities that support various compliance regulations
Perform risk assessments that address security threats, changes to systems and/or applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business
Collaborate with various operational and business teams to complete assessments and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders and leadership
Monitor the security risk profiles and events of our suppliers to objectively determine high risk suppliers that require additional review and treatment plans
Establish and maintain security metrics and reporting
Respond to customer security/compliance questionnaires
Act as security risk management "ambassador" to internal customers
Support the development of automation activities
Any Graduate