Governance, Risk and Compliance Analyst
Company: Accelcia Business Services
Location: Cambridge
Posted on: May 22, 2023
Job Description:
Governance, Risk and Compliance Analyst
Cambridge, MA or Hybrid
About this position:
The Governance, Risk, and Compliance (GRC) Analyst develops and
maintains information security policies and workforce training and
awareness. The GRC Analyst serves as a critical resource for staff
and leaders regarding information security policy implementation,
interpretation, and compliance. The GRC Analyst assesses and
prioritizes information security and cybersecurity risk across the
organization, facilitates compliance with regulatory requirements
and information security policies, and develops and reports on
information security metrics.
The GRC Analyst is responsible for reducing information security
and cybersecurity risk by helping to prioritize and drive
remediation efforts throughout the organization through the
following:
- Establishing and maintaining governance and compliance
standards.
- Conducting risk assessments to identify vulnerabilities
internally and within vendor or third-party supplier
products.
- Creating, maintaining, communicating, and enforcing information
security policies.
- Advising senior leadership on risk management strategies,
including risk mitigation, risk reduction, risk transfer, the risk
exception process and residual risk analysis.
The GRC Analyst independently executes high-quality,
enterprise-class solutions consistent with regulations and
established frameworks. The GRC Analyst holds team and organization
level responsibilities and may lead small to medium scale projects.
The GRC Analyst works with employees, and leaders across the
organization.
This position reports directly to the Director, Security and
Compliance.
In this role you will:
Governance and Compliance
- Develop and implement data security risk reporting frameworks
for management teams and governance committees.
- Design and document technical, administrative, and physical
controls to ensure the business demonstrates compliance, ensuring
that the organization meets both the requirements and intent of its
regulatory and compliance obligations.
- Facilitate the remediation of control gaps and escalate
critical issues to leadership.
- Manage an exception review and approval process, and assure
exceptions are documented and periodically reviewed.
- Prepare for and facilitate examinations by qualified security
assessors for SOX, SOC 2, ISO 27000, GDPR and CCPA. Work closely
with control owners and internal and external auditors to ensure
requests are completed on time.
- Assist with the evaluation of the effectiveness of the
information security program by developing, monitoring, gathering,
and analyzing information security and compliance metrics for
management.
Information Security Risk Assessment
- Identify, analyze, evaluate, and document information security
risks and controls based on established risk criteria.
- Conduct security risk assessments of planned and installed
information systems to identify vulnerabilities and risks.
- Recommend controls to mitigate security risks identified via
risk assessment process.
- Communicate risk findings and recommendations that are clear
and actionable by business stakeholders.
Security Policy Management and Workforce Training and Awareness
- Support workforce security activities including culture,
awareness, and training.
- Analyze information security incidents in collaboration with
other stakeholders.
- Coordinate remediation and awareness training.
- Research, recommend, and contribute to information security
policies, standards, and procedures. Assist with the lifecycle
management of information security policies and supporting
documents.
- Work with other organizational participants to implement
information security policies.
Third-party Supplier and Vendor Risk Management
- Perform third-party supplier risk assessments to ensure supply
chain risk is managed throughout the supplier's lifecycle. Assess
and report on the risks and benefits for the business as well as
mandates for supplier compliance.
- Articulate results of the final assessments to business
stakeholders, project sponsors, program managers, and other
internal parties.
- Assist with review of information security sections within
supplier contracts, identify gaps, and recommend security and
data privacy content to close gaps.
- Maintain inventory of relevant suppliers/vendors, controls, and
risks for ongoing vendor risk management activities.
Experience:
- ISC2 Certified in CyberSecurity, CompTIA Security+, OCEG GRCP
or Active-Duty military service in a primary cybersecurity Military
Occupational Specialty (MOS)
- Working collaboratively in a team environment
- Excellent interpersonal skills with the ability to interface
with all levels of the organization
- Ability to think strategically and tactically, with effective
decision-making skills
- General understanding of ISO 27001, NIST, SOX, the General Data
Protection Regulation (GDPR), Center for Internet Security (CIS)
standards or Service Organization Controls (SOC) 2, and ability to
implement programs in support of these
standards/regulations.
- Working knowledge of common operating systems.
- High School Diploma, GED, HiSET, or TASC.
Preferred Experience:
- ISC2 Certified in CyberSecurity or Security+, and GRCP
- Advanced-level SANS, ISACA, or GIAC certification/s
- Experience as a team leader, coach, service manager, or
teacher
Why you'll like it here:
- Context Labs is collaborative at its core. You'll work within
your team and across the organization allowing for continuous
learning and discovery.
- We set goals that matter and provide value in all that we do,
from building meaningful products to positively impacting carbon
reduction and climate change.
- Context Labs' mission is to transform complex data into
continuously proven information. Powered by Immutably™, an
innovative, trusted data fabric platform, our integrated solutions
deliver context-driven insights that enable human networks to spot
patterns, correlate trends, and reveal the ground truth hidden
inside the world's most complicated, persistent problems.
We understand that applying for a job can be intimidating.
Applicants rarely meet every single job requirement, and we know
there are many skills and backgrounds that will contribute to
success in this role. If you're interested in applying, please do
so.
Context Labs embraces diversity and equal opportunity. We are
committed to building a team that represents a variety of
backgrounds, perspectives, and skills. We believe the more
inclusive we are, the better our products will be. Context Labs
will ensure that individuals with disabilities are provided
reasonable accommodation to participate in the job application or
interview process, perform essential job functions, and receive
other benefits and privileges of employment. If you require
accommodation, please contact Erica Mackoff at
HR@contextlabs.com.
Who we are:
Context Labs solves big global problems by elevating trust in data.
Our Immutably™ Platform solutions enable individuals, companies,
and governments to produce data-driven insights that can be
irrefutably trusted and verified. While the technology has broad
application, our main focus is on climate initiatives that move the
needle. We're a rapidly growing team of creative problem-solvers
that leverage disruptive technology to crack the world's
fundamental "too hard" challenges (such as decarbonization and
water/food security). Do you want to have an impact working with
smart, passionate people that push themselves, support each other
and celebrate wins as a team? Join us.