GRC Analyst
4 weeks ago
About HireRight:
HireRight is the premier global background screening and workforce solutions provider. We bring clarity and confidence to vetting and hiring decisions through integrated, tailored solutions, driving a higher standard of accuracy in everything we do. Combining in-house talent, personalized services, and proprietary technology, we ensure the best candidate experience possible. PBSA accredited and based in Nashville, TN, we offer expertise from our regional centers across 200 countries and territories in The Americas, Europe, Asia, and the Middle East. Our commitment to get it right every time, everywhere, makes us the trusted partner of businesses and organizations worldwide.
Overview:
This role is based in Poland as an Information Security GRC Analyst reporting to the Information Security GRC Audit Manager on the Governance Risk & Compliance (GRC) Team.
This GRC Analyst will collaborate with process owners, internal auditors, external auditors, and other stakeholders to help review, monitor, and resolve findings.
This includes helping the team manage ISO 27001 and SOC 2 compliance programs by supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC 2, ISO 27001 and ISO 27701.
Responsibilities:
Manage risk and vulnerability assessments, validation testing, compliance reviews in accordance with ISO standards
Manage and support SOC 2 and global ISO 27001/27701 audits including gap analysis
Promote widespread implementation of ISO standards
Maintain and monitor a central repository for audit evidence
Ensure existing policies, procedures and controls are in compliance with applicable laws, regulations, and industry standards
Develop process adjustments in coordination with information technology and security teams in relation to complying with ISO standards
Collaborate with other business units and stakeholders to ensure controls are adequate, appropriate, and effective
Manage mitigation tracking and reporting of risks and audit findings
Qualifications:
Education:
High School diploma or GED required; Bachelor's degree in Computer Science, Information Systems, Risk Management or related discipline.
Experience:
5+ years of direct experience in information security, with an emphasis on risk and compliance
3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as owning audit responses
Knowledge & Skills:
Thorough understanding of Regulations, and Security Control sets: NIST Cybersecurity Framework (CSF), ISO 27001, ISO 27701, NIST, GDPR
Knowledge of GRC tools and best practices (e.g., AuditBoard, ServiceNow, Archer, etc.) a plus
Security and Privacy controls validation experience preferred
General IT knowledge (architecture, networking, operations)
Ability to synthesize complex data, produce appropriate outcomes, and convey information designed for relevant audiences
Stakeholder and executive audience engagement and communication
Worked with common business processes and cross-departmental projects
Exceptional interpersonal, written, and oral communication skills
Certifications or other specialized training such as: Security+, ISO 27001 Lead Implementor/Auditor, CISA
What do we offer:
HireRight offers its employees a permanent contract and a comprehensive package of benefits. From day one you will receive a training plan to get you on board quickly. Additionally, we offer:
Private Medical Care
Lunch Vouchers
Paid Lunch Break (30 Minutes)
Group Life Insurance
Career Path & Opportunities to Grow
Glasses Voucher
Friendly Atmosphere
Professional Training
Cafeteria of Benefits
Multisport