Governance, Risk and Compliance (GRC) Analyst
- Ensures regulatory compliance enterprise wide
- Has a full grasp of information security, cybersecurity, and privacy issues, and awareness of regulated data environments
- Supports and is involved in communication around internal and external audit
- Creates policies and controls to ensure compliance
As an integral member of the Information Security team, reporting to the Director of Information Security, the GRC Analyst helps support the day-to-day assurance operations related to policy compliance, governance of organizational processes, policies and security requirements, and risk management functions. You will be responsible for collecting and managing data from multiple systems so that the effectiveness of the Information Security program can be reported through risk analysis and trends. The ideal candidate will have knowledge of risk management, security and privacy practices and be an effective communicator, both written and verbal.
You will engage business personnel to ensure all requisite data and information is complete, accurate, and consistently delivered. You will use your security experience and knowledge, working within a team, to deliver on Governance, Risk and Compliance goals: building a complete picture, for operational and management visibility, of overall compliance with the Information Security program, policies, and practices. You will be expected to establish and foster relationships with the various areas of the business, build rapport, and be viewed as a trusted partner who helps teams deliver on their commitment to comply with security and privacy policies and regulations.
What you will be responsible for:
- Implement the enterprise-wide strategy and key initiatives/projects focused on reducing technology risk, strengthening governance, and ensuring compliance with internal policies and external regulatory requirements
- Assist in the execution of departmental plans, including business, production and/or organizational priorities and contribute to the Governance, Risk and Compliance functional strategy
- Work with IT and business teams to perform security and compliance assessments on new and existing systems, processes, and technology
- Collaborate to define Information Security requirements and develop / update associated policies
- Support internal and external audit processes for relevant compliance concerns
- Participate in disaster recovery and business continuity planning and exercises, as appropriate
- Perform periodic gap assessments to validate compliance on an ongoing basis
- Operate the day-to-day systems for: risk register management, vendor and software risk assessments, logging and mitigation of incident-related risk, data subject access request (DSAR) workflows, cookie-consent compliance configuration, enterprise policy management, and data mapping
- Assist with education and awareness programs that promote the delivery of systems and services with security and privacy controls built in
What we are looking for:
- 3+ years of relevant experience in the Information Security field, including experience in the GRC area
- Experience with information security frameworks and ISMS standards such as NIST CSF and ISO/IEC 27001; familiarity with the CIS Controls is beneficial
- Strong comprehension of security and risk concepts
- Knowledge of and experience with SOC 2 and the Trust Services Criteria is beneficial
- Familiarity with eGRC tools
- Knowledge and experience with diverse IT architectures and enterprise IT data centers, large-scale transaction processing environments, external hosted services and cloud computing environments
- Experience working with security management tools (e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc.) and perimeter technologies (e.g., router, firewalls, web proxies and intrusion prevention, etc.)
- Knowledge of configuration management, integration of change control with problem management, risk assessment and acceptance, exception management, and security baselines (e.g. CIS Benchmarks, NIST guidance, vendor Security Technical Implementation Guides (STIGs), etc.)
Education and Certification Requirements:
- Bachelor's degree in Information Systems, Cybersecurity, or a related field
- GRC related certifications are preferred: GRCP, GRCA
- Privacy and risk related certifications are beneficial: CIPP, CIPT, CIPM, CERA, CRM
About SmartBear:
At SmartBear, we focus on your one priority that never changes: quality. We know delivering quality software over and over is complicated. So our tools are built to streamline your process while seamlessly working with the products you use and will use. Whether it's TestComplete, Swagger, Cucumber, ReadyAPI, Zephyr, or one of our other tools, we span test automation, API lifecycle, collaboration, performance testing, test management, and more. Whichever you need, they're easy to try, easy to buy, and easy to integrate. We're used by 15 million developers, testers, and operations engineers at 24,000+ organizations including world-renowned innovators like Adobe, JetBlue, FedEx, and Microsoft. Wherever you're going, we'll help you get there. Learn more at smartbear.com, or follow us on LinkedIn, Twitter, or Facebook.
SmartBear is an equal employment opportunity employer and encourages success based on our individual merits and abilities without regard to race, color, religion, gender, national origin, ancestry, mental or physical disability, marital status, military or veteran status, citizenship status, age, sexual orientation, gender identity or expression, genetic information, medical condition, sex, sex stereotyping, pregnancy (which includes pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), or any other legally protected status.