Reporting to the Director of Information Security, Governance, Risk, and Compliance, the GRC analyst will contribute to the development and operational execution of the program, including risk management and compliance with standards and regulations such as ISO 27001 and the EU GDPR.
- Candidate must have 4+ years working in governance, risk and compliance and/or information security and risk management.
- Functional knowledge of the CISSP security domains and information security industry standards and best practices.
- Functional knowledge of applicable security regulatory requirements (SOX, GDPR).
- Functional knowledge of ISMS governance models (e.g. ISO 27001, NIST, CAIQ), information security roles, and security controls.
- Functional knowledge of common security certifications and attestation reports (e.g. ISO 27001, SOC 1, SOC 2, WebTrust) and the ability to assess the significance of findings identified in these reports.
- Ability to communicate risk methodologies and concepts to business units and IT teams.
- Demonstrated experience with controls definition, development, implementation and assessment.
- Strong interpersonal skills and ability to work effectively with diverse and distributed teams.
- Strong attention to detail, project management and organizational skills.
- Self-starter with the ability to effectively manage independent workloads asynchronously with stakeholders across multiple time zones.