Job Title
GRC Analyst Posting
Position Overview
GRC (Governance, Risk, Compliance) Analyst
The GRC Analyst will collaborate with security and risk management process owners, internal auditors, external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving findings and IT-related vulnerabilities and risks. This includes helping the team with the NIST Cybersecurity Framework and SOC 2 Compliance programs. The GRC Analyst will also contribute to the transformation of the company's IT compliance program by supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, ensuring compliance with existing and emerging regulations and standards, and carrying out other GRC activities.
Responsibilities:
Manage annual IT testing for internal and external audits, risk assessments, and regulatory, legal, and policy compliance
Lead preparation for annual IT testing activities
Work with Communications teams on dissemination of compliance policies
Technical writing and documentation of security and risk controls
Conduct IT Compliance training sessions to prepare for IT assessments
Collaborate with leadership on compliance-related concerns and present findings and suggestions to them
Ensure prompt turnarounds by supporting internal and external audit requests
Inform others about IT issues and shortcomings to ensure that remedial action plans are in place
Make suggestions for repeatable, quantifiable, and long-lasting remediation programs, and follow up on action plans until they are completed
Develop IT documentation for IT internal controls in consultation with IT, including IT process narratives, process flows, and documented control actions
Establish and sustain governance tools for risk and compliance to support IT compliance activities
Ensure compliance with the IT frameworks by helping IT control owners implement and validate controls for the processes of access management, release management, change management, and vendor management
Collaborate with IT stakeholders on how to efficiently adhere to IT standards and proactively reduce risks and vulnerabilities
Position Requirements:
Bachelor's Degree or equivalent work experience, such as five years' experience in an audit, security, or risk management related position in $100M+ companies.
Exceptional written and verbal communication skills.
Strong knowledge of and experience using ServiceNow or other CMDB.
Experience using Tenable and Microsoft Defender or other equivalent vulnerability management tools.
Strong knowledge of and experience using Microsoft Purview or other IT asset and data compliance tools.
Strong analytical skills with the ability to collect, organize, analyze, and disseminate significant amounts of information with attention to detail and accuracy.
Adept at data queries, report writing, and presenting findings.
Team player with the ability to work with minimal supervision.
Competencies:
Execute Action Plan
Demonstrate Good Judgement
Innovate
Deliver Compelling Communication
Learn Continuously
Work Shift
8 Hr non-rotating shift, Hrs fall to in punch day, Observed Calendar, shift starts AM
Shaw Industries is an equal opportunity employer as to all protected groups, including protected veterans and individuals with disabilities.