ComplySci

Governance, Risk, and Compliance Analyst

Remote

The Role:

The COMPLY Security Governance, Risk, and Compliance (GRC) Analyst will help to develop and maintain information collection and internal audit functions in support of COMPLY's information security policies. The GRC Analyst serves as a critical resource within the CISO department regarding information security policy implementation, interpretation, and compliance. The GRC Analyst assists in the collection of metrics, through internal audit and testing, to assess and prioritize information security and cybersecurity risk across the organization. The GRC Analyst works closely with the CISO to help facilitate compliance with regulatory requirements and information security policies.

The GRC Analyst will also work closely with other security analysts on projects associated with risk assessment and mitigation, tools and controls selection, and to contribute with efforts that pertain to risk and compliance.

What you'll do:

The Governance, Risk, and Compliance Analyst is responsible for analyzing and documenting COMPLY's compliance and risk alignment with the organization's security policies as they relate to our information assets.

The purpose of this position is to provide skilled technical and information security expertise for the implementation and verification of the information security risk management program. Responsibilities require project management, technical analysis, and GRC data collection experience, as well as expertise in effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and standards and guidelines.

  • Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for COMPLY's information and technology systems.
  • Assist with proactively preparing for and handling an increasing number of audits, compliance checks, and external assessment processes for internal/external auditors (SOC, ISO, NIST, GDPR, etc.).
  • Assist with client requests and vendor-based due diligence information gathering.
  • Assist with the standardization of metrics and policy/procedure adherence information collection.
  • Assist with risk and threat analysis and be able to contribute to risk mitigation and response.
  • Assist with metrics dashboard creation/update.

Governance and Compliance

  • Assists with the development and implementation of a data security risk reporting framework, aligned with ISO 27000 series standards, for management teams and governance committees.
  • Assists with the design and documentation of technical, administrative, and physical controls to ensure the business can demonstrate compliance.
  • Works with the CISO on the remediation of control gaps.
  • Ensures that periodic audits/tests are completed and that exceptions are documented and periodically reviewed.
  • Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.

Information Security Risk Assessment

  • Assists with the identification, analysis, evaluation, and documentation of information security risks and controls based on established risk criteria.
  • Contributes to the recommendation of controls to mitigate security risks identified via risk assessment process.

Security Policy Management and Workforce Training and Awareness

  • Supports workforce security activities including culture, awareness, and training.
  • Assists with eDiscovery and collection of data to support investigations of possible security or policy violations.
  • Researches, recommends, and contributes to information security policies, standards, and procedures.
  • Assists with the lifecycle management of information security policies and supporting documents.
  • Works with other organizational participants to implement information security policies.
  • Assists with review of information security sections within supplier contracts, identifies gaps, and recommends security and data privacy content to close gaps.
  • Assists with the process creation, implementation, and maintenance of inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.


Requirements:

  • Education: Bachelor's or master's degree in Cybersecurity, Information Technology, or a related field.
  • Experience: 4+ years of progressively responsible experience in a FinTech setting, addressing risk and compliance with regulatory requirements.
  • Certifications: CISSP, CISM, CISA, and/or other specific training and certification in security risk management and controls frameworks (such as the ISO 27000 series or NIST SP 800-53).

Skills:

  • Good written and oral communication skills
  • Effective team member
  • Critical thinking
  • Enterprise Security, Privacy, & Info Sharing
  • Organizational Awareness and Understanding
  • Technology Awareness
  • Ability to work well with people from different disciplines with varying degrees of technical experience.
  • Thorough attention to detail
  • Good problem-solving skills
  • Ability to work comfortably under pressure and deliver on tight deadlines
  • Ability to maintain the highest standards of confidentiality, integrity, and personal accountability with company or client sensitive/restricted data

The compensation range for this role is specific to the United States and takes into account a wide range of factors that are considered in making compensation decisions including, but not limited to, skill sets, training, licensure and certification, and experience. A reasonable estimate of the base salary range for this role would be $100,000-$115,000 plus applicable bonus/benefits offerings, etc., as those similarly situated within the Company.

COMPLY is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity, or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.

Job ID: ComplySci-590878
Employment Type: Other