- Company Name
- Essentials
- Job Title
- Analyst, IT Governance, Risk and Compliance
- Job Description
Job Title: Analyst, IT Governance, Risk and Compliance
Role Summary:
Supports the organization’s compliance and risk management initiatives, ensuring adherence to regulatory requirements and industry best practices. Provides hands‑on execution of SOC 2 and ISO 27001 programs, administers GRC tools, conducts risk assessments, and maintains security frameworks.
Expectations:
- Deliver accurate evidence gathering and control testing for SOC 2 and ISO 27001.
- Keep GRC tool configurations and automated tests current.
- Perform periodic risk assessments, document findings, and aid mitigation planning.
- Draft and update security policies, standards, and procedures.
- Manage third‑party vendor risk activities and regulatory questionnaire responses.
- Track compliance tasks, follow up with stakeholders, and report status to leadership.
- Contribute to security awareness training initiatives.
- Maintain up‑to‑date knowledge of evolving compliance requirements.
Key Responsibilities:
- Support ongoing SOC 2 and ISO 27001 compliance programs (evidence collection, control testing, remediation tracking).
- Administer the Vanta platform, ensuring accurate mapping of security controls and functioning automated tests.
- Conduct and document risk assessments, evaluate impact/likelihood, and develop mitigation recommendations.
- Draft, maintain, and review security policies, standards, and procedures aligned with regulatory frameworks.
- Support third‑party vendor risk management: review questionnaires, monitor vendor performance.
- Respond to client and regulatory security questionnaires.
- Track compliance tasks, collaborate with stakeholders, and provide regular status updates.
- Assist in security awareness and training efforts.
- Stay current with compliance standards (SOC 2, ISO 27001, NIST, etc.) and adjust programs accordingly.
Required Skills:
- Knowledge of SOC 2, ISO 27001, and NIST frameworks.
- Experience with GRC tools (e.g., Vanta, OneTrust).
- Strong understanding of IT security principles, risk management, and regulatory requirements.
- Excellent written and verbal communication.
- Strong organizational and analytical abilities.
- Ability to collaborate across teams and manage multiple priorities.
Required Education & Certifications:
- Bachelor’s degree in Information Security, Information Technology, or a related field (or equivalent experience).
- 3+ years of experience in IT security, governance, risk, or compliance roles.
- Certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer are preferred.