Home » Jobs » GRC Analyst

GRC Analyst

Summary of Position:
This position will plan and perform IT risk assessments, IT compliance audits, develop, design, and verify IT internal control effectiveness.

Essential Functions:
•    Participates in all aspects of audit activities including risk assessments, planning, testing, control evaluation, documentation, report drafting, issue clearance with technology stakeholders, and follow-up/verification of issue closure.
•    Identifies risks, designs controls, and creates testing procedures. Participates in both standalone technology and business integrated audits. Monitors various projects with major application development initiatives and performing continuous risk assessments of coverage areas.
•    Performs hand-on, technical IT internal control testing of information systems.
•    Perform IT risk assessments of new technologies, applications, & processes according to risk management procedures and participates in Enterprise Architecture reviews.
•    Perform Control Assessments (SOX, PII, PCI, HIPAA)
•    Research/recommend best practices for risk management activities
•    Coordinate risk/compliance information for management reporting purposes

Job Requirements

•    Bachelor’s degree in Business or IT or equivalent.
•    3+ years’ experience in SOX, IS Security, Audit, Risk and/or Compliance
•    Good understanding of IT audit, compliance, and risk management methodologies
•    Demonstrates strong knowledge in ISO 27001:2013, COSO:2013, COBIT V, NIST, PCI-DSS,
•    Ability to manage appropriate tests aligned to compliance regulations and execute assigned testing
•    Hands-on experience working with, and auditing Microsoft Active Directory, Unix/Linux, Databases, Microsoft Office 365, Azure, Webservers, and Networking
•    Ability to develop scripts to assist in control testing
•    CISA certification
•    Knowledge of Excel
•    Experience with internal controls, risk assessments, business process and internal IT general control testing or operational auditing
•    Understanding in auditing techniques and/or computer control environments
•    Successful experience identifying controls, developing, and executing test plans
•    Experience conducting IT risk assessments
•    Experience in IT Compliance
•    Fundamental knowledge of information security standards (ISO 27001:2013, COBIT 5, NIST)

Core Competencies:
•    Natural passion for security and compliance to see both projects and investigations to completion
•    Effective oral and written communication, performance management, issue resolution, negotiation, motivating team members, forecasting, and planning
•    High level of personal integrity, and the ability to professionally handle confidential matters
•    Have strong written and oral communication skills with the ability to explain technical ideas to non-technical individuals at any level
•    Functional technical knowledge of infrastructure, networking, architecture, security, and applications
•    Meet project implementation targets
•    Highly organized and task oriented.
•    Problem solving and troubleshooting skills.
•    Ability to prioritize and assign tasks.

10 – 20%