CambridgeRecruiter Since 2001
the smart solution for Cambridge jobs

Governance, Risk and Compliance Analyst

Company: Accelcia Business Services
Location: Cambridge
Posted on: May 22, 2023

Job Description:

Governance, Risk and Compliance Analyst
Cambridge, MA or HybridAbout this position:
The Governance, Risk, and Compliance (GRC) Analyst develops and maintains information security policies and workforce training and awareness. The GRC Analyst serves as a critical resource for staff and leaders regarding information security policy implementation, interpretation, and compliance. The GRC Analyst assesses and prioritizes information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics.
The GRC Analyst is responsible for reducing information security and cybersecurity risk by helping to prioritize and drive remediation efforts throughout the organization through the following:


  • Establishing and maintaining governance and compliance standards.
  • Conducting risk assessments to identify vulnerabilities internally and within vendor or third-party supplier products.
  • Creating, maintaining, communicating, and enforcing information security policies.
  • Advising senior leadership on risk management strategies, including risk mitigation, risk reduction, risk transfer, the risk exception process and residual risk analysis.

    The GRC Analyst independently executes high-quality, enterprise-class solutions consistent with regulations and established frameworks. The GRC Analyst holds team and organization level responsibilities and may lead small to medium scale projects. The GRC Analyst works with employees, and leaders across the organization.
    This position reports directly to the Director, Security and Compliance.
    In this role you will:
    Governance and Compliance

    • Develop and implement data security risk reporting frameworks for management teams and governance committees.
    • Design and document technical, administrative, and physical controls to ensure the business demonstrates compliance, ensuring that the organization meets both the requirements and intent of its regulatory and compliance obligations.
    • Facilitate the remediation of control gaps and escalates critical issues to leadership.
    • Manage an exception review and approval process, and assure exceptions are documented and periodically reviewed.
    • Prepare for and facilitate examinations by qualified security assessors for SOX, SOC2, ISO27000, GDPR and CCPA. Works closely with control owners and internal and external auditors to ensure requests are completed timely.
    • Assist with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.

      Information Security Risk Assessment

      • Identify, analyze, evaluate, and document information security risks and controls based on established risk criteria.
      • Conduct security risk assessments of planned and installed information systems to identify vulnerabilities and risks.
      • Recommend controls to mitigate security risks identified via risk assessment process.
      • Communicate risk findings and recommendations that are clear and actionable by business stakeholders.

        Security Policy Management and Workforce Training and Awareness

        • Support workforce security activities including culture, awareness, and training.
        • Analyze information security incidents in collaboration with other stakeholders.
        • Coordinate remediation and awareness training.
        • Research, recommend, and contribute to information security policies, standards, and procedures. Assists with the lifecycle management of information security policies and supporting documents.
        • Work with other organizational participants to implement information security policies.

          Third-party Supplier and Vendor Risk Management

          • Perform third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle. Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance.
          • Articulate results of the final assessments to business stakeholders, project sponsors, program managers, and other internal parties.
          • Assist with review of information security sections within supplier contracts, identifies gaps, and recommends security and data privacy content to close gaps.
          • Maintain inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.

            Experience:

            • ISC2 Certified in CyberSecurity, CompTIA Security+, OCEG GRCP or Active-Duty military service in a primary cybersecurity Military Occupational Specialty (MOS)
            • Working collaboratively in a team environment
            • Excellent interpersonal skills with the ability to interface with all levels of the organization
            • Ability to think strategically and tactically, with effective decision-making skills
            • General understanding of ISO 27001, NIST, SOX, the General Data Protection Regulation (GDPR), Center for Internet Security (CIS) standards or Service Organization Controls (SOC) 2, and ability to implement programs in support of these standards/regulations.
            • Working knowledge of common operating systems.
            • High School Diploma, GED, HiSET, or TASC.

              Preferred Experience:

              • ISC2 Certified in CyberSecurity or Security+, and GRCP
              • Advanced-level SANS, ISACA, or GIAC certification/s
              • Experience as a team leader, coach, service manager, or teacher

                Why you'll like it here:

                • Context Labs is collaborative at its core. You'll work within your team and across the organization allowing for continuous learning and discovery.
                • We set goals that matter and provide value in all that we do, from building meaningful products to positively impacting carbon reduction and climate change.
                • Context Labs' mission is to transform complex data into continuously proven information. Powered by Immutably---, an innovative, trusted data fabric platform, our integrated solutions deliver context-driven insights that enable human networks to spot patterns, correlate trends - and reveal the ground truth hidden inside the world's most complicated, persistent problems.

                  We understand that applying for a job can be intimidating. Applicants rarely meet every single job requirement, and we know there are many skills and backgrounds that will contribute to success in this role. If you're interested in applying, please do so.
                  Context Labs embraces diversity and equal opportunity. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. We believe the more inclusive we are, the better our products will be. Context Labs will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, perform essential job functions, and receive other benefits and privileges of employment. If you require accommodation, please contact Erica Mackoff at HR@contextlabs.com.
                  Who we are:
                  Context Labs solves big global problems by elevating trust in data. Our Immutably--- Platform solutions enable individuals, companies, and governments to produce data-driven insights that can be irrefutably trusted and verified. While the technology has broad application, our main focus is on climate initiatives that move the needle.We're a rapidly growing team of creative problem-solvers that leverage disruptive technology to crack the world's fundamental "too hard" challenges (such as decarbonization and water/food security). Do you want to have an impact working with smart, passionate people that push themselves, support each other and celebrate wins as a team? Join us.

Keywords: Accelcia Business Services, Cambridge , Governance, Risk and Compliance Analyst, Professions , Cambridge, Massachusetts

Click here to apply!

Didn't find what you're looking for? Search again!

I'm looking for
in category
within


Log In or Create An Account

Get the latest Massachusetts jobs by following @recnetMA on Twitter!

Cambridge RSS job feeds