Job Title: Governance Risk and Compliance Analyst
As a Governance Risk and Compliance (GRC) Analyst, you will be responsible for ensuring ISO 27001 and SOC 2 compliance by conducting regular assessments and audits, staying informed about US and UK regulatory requirements, and aligning organizational services with relevant standards.
Additionally, you will streamline GRC activities through scripting and automation using tools such as PowerShell and VS Code, leveraging the DevOps pipeline for automation efforts.
Your role includes conducting internal reviews to identify risks and non-compliance, analysing information metrics, and translating insights into actionable measures.
You will contribute to process improvement within the SecOps team, evaluate third-party vendors for compliance, complete customer security surveys, and stay abreast of industry best practices and trends impacting the organization's risk stance.
Responsibilities:
Ensure adherence to ISO 27001 and SOC 2 standards, conducting regular assessments, audits, and reviews to maintain compliance.
Stay abreast of US and UK regulatory requirements, including GDPR, DPA 2018, NIST, DFARS, FARS, and other relevant standards, associated with the organisation's service portfolio in scope of the ISO 27001 and SOC 2 requirements.
Develop efficient processes and automate where possible, streamlining GRC activities using tools such as PowerShell and VS Code.
Leverage the DevOps pipeline platform's compute functions to support automation efforts.
Conduct comprehensive internal audits and policy, process and identity and access management reviews to identify potential risks and areas of non-compliance with the ISO 27001 and SOC 2 requirements associated with end users and third-party users, including outsourced contractors.
Prepare and organize evidence for, and participate in, annual internal and external audits of standards, including ISO 27001 and SOC 2.
Conduct regular analysis of information metrics and translate findings into actionable insights.
Contribute to the development and enhancement of processes and procedures to strengthen security and compliance measures within the SecOps team.
Evaluate and review third-party vendors for compliance with security and regulatory standards.
Complete customer security survey requirements to demonstrate the organisation's ability to protect customer information as relevant to customer-scoped services.
Remain apprised of industry best practices for the IT services provided, staying informed about industry trends which may impact the risk stance of the organisation.
Basic Qualifications:
1-2 years of relevant experience in IT compliance within an IT service organisation, focusing on working with the ISO 27001 and SOC 2 frameworks.
Experience working within an auditing role.
Strong organizational, project management and process analysis skills.
Ability to work and interact effectively with customers and team members.
Ability to manage multiple assignments and priorities effectively.
Ability to communicate effectively both orally and in writing.
Demonstrated understanding of risk management within an Information Security Management System.
Technical knowledge of enterprise IT systems, operating systems, and networks.
Experience with basic scripting and query creation.
Demonstrable understanding of global standards such as ISO 9001, NIST, DFARS, FARS, GDPR, DPA 2018 and PCI DSS.
Preferred Qualifications:
Bachelor's degree required.
Relevant security-related certifications a plus: CISSP, GCIA, GSEC, GCIH, GCED, GCFA, GREM.
Relevant certifications for risk management frameworks for IT systems.
Relevant auditing certification for an IT-based framework.
Experience in information technology or security desired.
Experience with Microsoft security technologies.
Experience with any of the following: Rapid7 InsightVM, scripting (PowerShell, Python, etc.), Rapid7 AppSec, Bitsight, Microsoft Sentinel (SIEM), risk management tools (OnSpring), SharePoint, Power BI or other data analytics tools.
Travel: 10%