GRC Analyst

Align Technology
Sofia, Bulgaria - Remote/In-Office Hybrid | Remote | Posted 13 days ago

Job Description

<h4><strong>About the Role</strong></h4>
<p>The GRC analyst helps maintain A-LIGN’s management system as it relates to information security standards. In this role, you will be responsible for the coordination, maintenance, and improvement of A-LIGN’s corporate compliance program, including internal and external audits.</p>
<h4><strong>Reports to</strong></h4>
<p>Director of Compliance and Program Management</p>
<h4><strong>Pay Classification</strong></h4>
<p>Full-Time</p>
<h4><strong>Responsibilities</strong></h4>
<ul>
<li>Support information security compliance programs across applicable frameworks, including SOC 2, ISO 27001, ISO 42001, FedRAMP, CMMC, and NIST 800-53/171</li>
<li>Coordinate audit, assessment, and testing activities with internal and external stakeholders</li>
<li>Validate identified findings and nonconformities, manage remediation tracking, monitor resolution progress, and report status to stakeholders</li>
<li>Review, update, and maintain information security documentation in accordance with applicable standards and organizational objectives</li>
<li>Keep the GRC platform (Optro) current with risk, control, and compliance data</li>
<li>Assist with the implementation and ongoing management of data loss prevention (DLP) programs, including false positive identification, policy violations, incident monitoring, and response coordination</li>
<li>Support third-party risk management activities, including contractor oversight and vendor due diligence reviews</li>
<li>Assist with client-issued security questionnaires and assessments</li>
<li>Assist with risk management, vulnerability management, incident reviews, data disposal reviews, and BC/DR planning and testing</li>
<li>Monitor and track employee completion of security training and awareness programs</li>
</ul>
<h4><strong>Minimum Qualifications</strong></h4>
<p>EDUCATION</p>
<ul>
<li>Bachelor’s degree in Management Information Systems, Information Security, Cybersecurity, Business, or a related field, or an equivalent combination of education and experience</li>
</ul>
<p>EXPERIENCE</p>
<ul>
<li>At least 1 year of IT security, governance, risk, or compliance-related experience</li>
<li>Knowledge of security and risk frameworks
<ul>
<li>Preferred knowledge of SOC 2, ISO 27001, ISO 42001, FedRAMP, CMMC, NIST 800-53, NIST 800-171</li>
</ul>
</li>
<li>Preferred: Knowledge of GRC tools (Optro, OneTrust, etc.)</li>
</ul>
<p>CERTIFICATIONS</p>
<ul>
<li>Preferred: CISA, CISM, Security+, CCSK, ISO Lead Auditor</li>
</ul>
<p>SKILLS</p>
<ul>
<li>Ability to meet deadlines with a high degree of motivation</li>
<li>Excellent critical thinking and problem-solving skills</li>
<li>Strong communication and organizational skills</li>
<li>Thrives in a fast-paced environment</li>
<li>Ability to work individually as well as collaboratively</li>
</ul>
<h4><strong>Benefits</strong></h4>
<ul>
<li>Healthcare, Dental, and Vision Benefits</li>
<li>EAP - Employee Assistance Program</li>
<li>Competitive Bonus Structure</li>
<li>Home Office Reimbursement</li>
<li>Technology Allowance</li>
<li>Certification Reimbursement</li>
<li>Public Transportation Card</li>
<li>Multisport Card</li>
<li>Personalized Career Coaching</li>
<li>Generous Paid Time Off</li>
<li>Paid Office Closure December 24-January 1</li>
<li>Summer Hours</li>
</ul>
<h4><strong>About A-LIGN</strong></h4>
<p>A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com.</p>
<h4><strong>Come Work for A-LIGN!</strong></h4>
<p>Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on <strong><a href="https://www.linkedin.com/company/a-lign/posts/?feedView=all">LinkedIn</a></strong>.</p>
<p>A-LIGN is an Equal Opportunity Employer.</p>
<p>The personal data you provide to us is processed by A-LIGN Bulgaria. Your personal data is shared with employees of A-LIGN, and the candidate data retention period is 6 months. You have the right to obtain information about the processing of your personal data. In addition, you have the right to correct, to block, and to delete your data in accordance with the local laws and regulations. For more information you can visit <strong><a href="https://www.a-lign.com/privacy-policy-job-ads">A-LIGN’s Job Ads Privacy Policy</a></strong>.</p>

About Align Technology

Align Technology

aligntech.com

Hires remote
