The GRC Analyst will be responsible for supporting the development, implementation, and maintenance of the firm's governance, risk management, and compliance program. The ideal candidate will have a strong understanding of regulatory requirements, risk management frameworks, and information security. They will have experience performing third-party risk assessments and will be familiar with the ISO 27001 certification.
Job Functions:
- Assist with continued development and enhancements to the firm's governance, risk management and compliance program.
- Support the firm's clients by responding to information security assessments.
- Perform information security risk assessments on the firm's third-party vendors and suppliers.
- Collaborate with the Information Security Director and other stakeholders to improve security procedures, training, IT processes, and the security of existing systems.
- Review and update the firm's information security policies.
- Track and schedule activities related to the ISO 27001 certification of the firm's Information Security Management System.
- Coordinate with other IT teams and other departments to perform risk assessments and track risk mitigation and remediation.
- Communicate effectively with stakeholders at all levels of the organization.
- Analyze and report on risk trends and metrics.
- Analyze client and stakeholder requirements in support of Business Continuity planning efforts.
- Support development of Business Continuity and Disaster Recovery plans and related documents in accordance with recognized standards and best practices.
Ideal Qualifications:
- Bachelor's degree or equivalent experience in Information Systems Security or related field.
- 3+ years of relevant experience working in a related role.
- Certifications in relevant areas.
- Strong writing / documentation skills.
- Highly organized.
- Strong communication skills.
- Self-starter with the ability to work independently, while having good judgment as to when consultation is required.
- Ability to work on multiple projects and perform well under deadlines.
- Enthusiastic, flexible, willing to pitch in where needed.
- Strong drive to learn and grow in the cyber security field.