Compliance Analyst – GRC – Privacy

TRU Staffing Partners

  • Full Time

Are you a “go-getter” who is ready to make an immediate impact in your next role? Our client, an up-and-coming name in the software services industry, is looking for a Compliance Analyst – GRC to join their growing team. As a GRC Compliance Analyst, you will report to the Global General Manager and work closely with peers in all business areas, including IT Information Security, Infrastructure, and Operations, to plan, track, and implement risk mitigation activities across the company. This is an excellent opportunity for an independent contributor to help elevate risk management and security as a business enabler and to integrate a deeper understanding of risk management into products and the business. The Analyst will create and maintain documentation for technical processes and compliance procedures and continuously improve the security framework, methodology, standards, and system controls for our client. Experience in technical risk management, information security, audit, and/or compliance efforts evaluating a system or an organization against compliance regimes is a must. In addition, a solid grasp of frameworks and standards such as ISO 27k, GDPR, PCI DSS, SOC 2, and NIST CSF/PF, with hands-on experience applying them, is required. The ideal candidate will take an extremely pragmatic approach to risk management, function as part of a growing team, and be able to balance the needs of a very dynamic engineering culture with the need to protect company and customer data.

Primary job duties include:

  • Create and maintain documentation for technical processes and compliance procedures
  • Continuously improve the security framework, methodology, standards, and system controls
  • Support risk identification and assessment, response and mitigation, control monitoring and reporting
  • Document, organize, and track complex mitigation planning activities that result from risk assessments
  • Collaborate with peers to surface problem areas and potential blockers early on
  • Gather and organize assessment results and data to support risk reporting and monitoring processes
  • Serve as a Subject Matter Expert (SME) for regulatory compliance
  • Day-to-day execution of the Information Security Risk Assessment process for existing and potential vendors
  • Contribute to the development of tools, automation, and practices to better support the GRC function
  • This role will communicate regularly with parties outside the U.S., and success in this role is tied to maintaining a positive impact on those relationships
  • The ideal candidate takes an extremely pragmatic approach to risk management, functions as part of a growing team, and is able to balance the needs of a very dynamic engineering culture with that of protecting the company and customer data

Required experience:

  • Some experience in technical risk management, information security, audit, and/or compliance efforts evaluating a system or an organization against compliance regimes
  • A solid grasp of frameworks and standards such as ISO 27k, GDPR, PCI DSS, SOC 2, and NIST CSF/PF, with hands-on work experience applying them
  • Some work experience with the review of systems and solutions as part of an internal audit or risk assessment team, procurement process, or other programs
  • Proven skills or ability to organize complex work efforts and track multiple requirements and details across many regimes that may vary on a week-by-week basis
  • If you have excellent project management skills and hands-on experience that is a major bonus!
  • Readiness to find a new way to approach security requirement compliance
  • Proven communication skills and an understanding of the value of, and drivers behind, adjusting style and tone to the audience
  • Experience with collecting data with consistency and basic experience developing reporting or metrics to assess and report program performance using data analysis tools – Excel, Google Sheets, OpenOffice Spreadsheets, databases, or a comparable tool
  • Strong independent motivation, high comfort level with written communication, use of chat tools, and asynchronous communication skills
  • The ability to partner with and effectively communicate with technical and non-technical employees, security, engineering, and management staff
  • Ability or desire to learn how to make compliance easy, simple, and intuitive by developing sensible procedures and tools tracking requirements
  • Must be fully fluent in English (bilingual candidates preferred)
  • Must be legally authorized to work in the United States

Preferred Experience and Approach

  • Drawn to collaboration with a belief that we create a better result together
  • Mastery at digging into problems, answering questions, and assisting colleagues across the company
  • Proficiency at working in ambiguous situations, with demonstrated drive to bring clarity through communication and independent research of existing documentation and resources
  • Experience functioning as a business-to-technology translator and helping bridge the business view of compliance and risk management to technical engineering and operations staff and vice versa
  • Confident in the ability to say “I don’t know, but I will find out!” with a strong desire to learn
  • Work with the IT and Engineering team to automate repetitive tasks, and build efficiencies to get us through audits and assessments quicker and easier
  • Make sure you’re walking the walk with respect to the compliance commitments made (SOC 2, ISO 27k, GDPR, PCI DSS, etc.)
  • Craft responses by understanding the importance of specific requirements
  • Keep the company informed on how well they’re meeting requirements, and how this has benefited them and their customers
  • Try and fail…and try again; experiment with new technologies, approaches, and techniques

Education Requirements

  • Bachelor’s degree in IT, finance, business, or a related field
  • Experience in IT-related positions, including IT General Controls, IT Compliance, and Auditing
  • Experience executing IT General Controls, including IT Change Management and Logical Access
  • Knowledge of industry frameworks and best practices (SOC, COBIT, ITIL, ISO 2700x, NIST) and of requirements relating to IT systems and processes
  • Experienced with risk management as it applies to information technology, information security and general business environment
