GRC Analyst Job Description Template
Our company is looking for a GRC Analyst to join our team.
Responsibilities:
- Interface with IT units and business partners to provide guidance and support;
- Perform security and compliance assessments on new and existing systems, processes, and technology;
- Work with various business units to ensure controls are adequate, appropriate, and effective;
- Collaborate to define IT security standards and develop supporting organizational policies;
- Perform business impact analysis and assist with development of the IT/InfoSec risk register;
- Perform periodic gap assessments to validate compliance on an ongoing basis;
- Support the vendor due-diligence process and help lead and define overall third-party risk management efforts;
- Support internal and external audit processes for relevant compliance requirements;
- Coordinate and participate in disaster recovery and business continuity planning;
- Stay up to date and informed on developing regulatory concerns and changing IT and information security trends.
Requirements:
- Bachelor’s degree or equivalent combination of education and experience;
- Experience with IT GRC platforms;
- Experience with IT governance, risk, and compliance management in a complex global environment;
- Ability to excel in a fast-paced and rapidly changing environment;
- Familiarity with ISMS and security frameworks, particularly ISO 27001/27002 and NIST RMF;
- Strong understanding of fundamental information security concepts and technology;
- Industry certifications such as CISSP or CISA are strongly preferred;
- Significant experience with legal and regulatory compliance standards such as the NYDFS Cybersecurity Regulation, GDPR, etc.;
- Strong work ethic with attention to detail;
- Excellent oral and written communication skills.