GRC Analyst
Align Technology | Panama City, Panama - Remote/In-Office Hybrid | Remote | Posted 13 days ago
Job Description
<h4><strong>About the Role</strong></h4>
<p>The GRC analyst helps maintain A-LIGN’s management system as it relates to information security standards. In this role, you will be responsible for the coordination, maintenance, and improvement of A-LIGN’s corporate compliance program, including internal and external audits.</p>
<h4><strong>Reports to</strong></h4>
<p>Director of Compliance and Program Management</p>
<h4><strong>Pay Classification</strong></h4>
<p>Full-Time</p>
<h4><strong>Responsibilities</strong></h4>
<ul>
<li>Support information security compliance programs across applicable frameworks, including SOC 2, ISO 27001, ISO 42001, FedRAMP, CMMC, and NIST 800-53/171</li>
<li>Coordinate audit, assessment and testing activities with internal and external stakeholders</li>
<li>Validate identified findings and nonconformities, manage remediation tracking, monitor resolution progress, and report status to stakeholders</li>
<li>Review, update, and maintain information security documentation in accordance with applicable standards and organizational objectives</li>
<li>Keep the GRC platform (Optro) current with risk, control, and compliance data</li>
<li>Assist with the implementation and ongoing management of data loss prevention (DLP) programs, including false positive identification, policy violations, incident monitoring and response coordination</li>
<li>Support third-party risk management activities, including contractor oversight and vendor due diligence reviews</li>
<li>Assist with client-issued security questionnaires and assessments</li>
<li>Assist with risk management, vulnerability management, incident reviews, data disposal reviews, and BC/DR planning and testing</li>
<li>Monitor and track employee completion of security training and awareness programs</li>
</ul>
<h4><strong>Minimum Qualifications</strong></h4>
<p>EDUCATION</p>
<ul>
<li>Bachelor’s degree in Management Information Systems, Information Security, Cybersecurity, Business, or a related field, or an equivalent combination of education and experience</li>
</ul>
<p>EXPERIENCE</p>
<ul>
<li>At least 1 year of IT security, governance, risk, or compliance-related experience</li>
<li>Knowledge of security and risk frameworks
<ul>
<li>Preferred knowledge of SOC 2, ISO 27001, ISO 42001, FedRAMP, CMMC, NIST 800-53, NIST 800-171</li>
</ul>
</li>
<li>Preferred: Knowledge of GRC tools (Optro, OneTrust, etc.)</li>
</ul>
<p>CERTIFICATIONS</p>
<ul>
<li>Preferred: CISA, CISM, Security+, CCSK, ISO Lead Auditor</li>
</ul>
<p>SKILLS</p>
<ul>
<li>Ability to meet deadlines with a high degree of motivation</li>
<li>Excellent critical thinking and problem-solving skills</li>
<li>Strong communication and organizational skills</li>
<li>Thrives in a fast-paced environment</li>
<li>Ability to work individually as well as collaboratively</li>
</ul>
<h4><strong>Benefits</strong></h4>
<ul type="disc">
<li class="x_MsoNormal">Employer Paid Life &amp; Health Insurance</li>
<li class="x_MsoNormal">Competitive Bonus Structure</li>
<li class="x_MsoNormal">Home Office Reimbursement</li>
<li class="x_MsoNormal">Technology Allowance</li>
<li class="x_MsoNormal">Certification Reimbursement</li>
<li class="x_MsoNormal">BeneficiaT Discount Loyalty Program</li>
<li class="x_MsoNormal">Personalized Career Coaching</li>
<li class="x_MsoNormal">Generous Paid Time Off</li>
<li class="x_MsoNormal">Paid Office Closure December 25-January 1</li>
<li class="x_MsoNormal">Summer Hours</li>
</ul>
<h4><strong>About A-LIGN </strong></h4>
<p>A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com. </p>
<h4><strong>Come Work for A-LIGN! </strong></h4>
<p>Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on <strong><a href="https://www.linkedin.com/company/a-lign/posts/?feedView=all">LinkedIn</a>. </strong></p>
<p>A-LIGN is an Equal Opportunity Employer. </p>
About Align Technology
Align Technology
aligntech.com
Hires remote