Title: GRC Analyst
Location: Remote within EST time zone
Duration: FTE/Perm
Salary: 100-110k
The GRC Analyst is a critical member of the Governance, Risk, and Compliance (GRC) team, reporting to the GRC Lead. This role combines hands-on technical monitoring, compliance coordination, and risk management responsibilities. The analyst will oversee recurring compliance initiatives, address risks identified in assessments, and facilitate audit processes. Additionally, the role involves proactive collaboration with various IT and business stakeholders to ensure governance objectives are met effectively and efficiently.
Responsibilities
Governance and Compliance Coordination:
- Oversee the annual update of policies, standards, procedures, and control narratives by collaborating with IT teams and ensuring timely submission to Internal Audit and external auditors (e.g., PwC).
- Manage recurring audit and compliance requests, ensuring responses are accurate and timely.
- Facilitate walkthroughs of controls, documentation, and processes, addressing common inquiries and identifying opportunities for improvement.
Technical Monitoring and Data Utilization:
- Utilize tools like Varonis to generate monthly reports on open access, sensitive data, PII, and other critical metrics.
- Review and analyze reports, initiate remediation efforts, and track progress to resolution.
- Leverage data insights to strengthen governance processes and proactively mitigate risks.
- Manage cleanup or remediation projects based on monitoring outcomes, ensuring alignment with quarterly or annual compliance goals.
Audit and Risk Management:
- Respond to audit and assessment requests, addressing topics like privileged access management, change management, and SDLC controls.
- Collaborate with stakeholders to resolve identified risks and implement recommendations from gap analyses and assessments.
- Ensure proper documentation and communication of control narratives and compliance activities.
Project Support and Facilitation:
- Support or lead compliance-related projects, acting as a communicator, facilitator, and business analyst as needed.
- Gather and document requirements, engage the right stakeholders, and drive project milestones to completion.
- Provide ongoing support for implementing recommendations and monitoring progress.
Documentation and Process Improvement:
- Maintain comprehensive documentation of policies, standards, audit responses, and remediation activities.
- Continuously improve governance processes by identifying gaps, analyzing recurring issues, and implementing practical solutions.
Ideal Candidate Profile
Background:
- Experience in governance, risk, compliance, IT, or business analysis.
- Familiarity with technical monitoring tools (e.g., Varonis) and data-driven decision-making.
- Exposure to audit processes, compliance initiatives, or risk assessments.
Skills:
- Strong organizational and documentation capabilities, with attention to detail.
- Ability to analyze data, identify risks, and coordinate remediation actions.
- Excellent communication and facilitation skills to engage technical and business stakeholders effectively.
- Proficiency in managing recurring processes and addressing ad hoc requests.
Soft Skills:
- Proactive and adaptable, with the ability to manage evolving priorities.
- Collaborative and team-oriented, capable of building relationships across departments.
- Analytical mindset with a focus on delivering solutions.
Key Projects and Activities
- Annual compliance updates, including policies, standards, and control narratives.
- Monthly technical monitoring reports and subsequent remediation or cleanup projects.
- Responding to audit and assessment requests, with a focus on high-priority topics like privileged access management and change management.
- Supporting gap analyses and addressing risks identified in assessments.