We are seeking an experienced and dedicated GRC (Governance, Risk, and Compliance) Analyst to join our dynamic team. In this role, you will play a crucial part in ensuring the organization's adherence to regulatory requirements, privacy standards, security practices, and technical audits. Reporting to the Security Compliance Manager, your primary focus will be on supporting the customer's compliance activities around ISO 27001, CCPA, CPRA, HIPAA, ISO 9001, GDPR, FDA security standards, and SOX. You will also manage administrative tasks and security and privacy initiatives using the OneTrust platform. Additionally, your role will involve contract reviews, compliance reporting, technical audits, and assisting in the establishment of security and privacy metrics/KPIs.
##### Key responsibilities:
###### Privacy Management:
• Lead the management of privacy-related tasks by utilizing the OneTrust platform to maintain accurate and comprehensive Records of Processing Activities (RoPAs).
• Take ownership of the Data Protection Impact Assessment (DPIA) process, collaborating with cross-functional teams to identify and mitigate privacy risks associated with new projects and initiatives.
• Champion privacy-by-design principles across the organization, ensuring that all processes and systems align with relevant privacy regulations (CCPA, CPRA, GDPR, etc.).
• Stay vigilant about changes in the privacy landscape, proactively updating privacy management strategies to maintain compliance and data protection.
###### Compliance Management:
• Collaborate closely with the Security Compliance Manager to establish and enhance the organization's compliance with a range of standards, including ISO 27001, ISO 9001, FDA security standards, HIPAA, SOX, and other relevant frameworks.
• Execute regular compliance assessments to identify potential gaps, devising and executing corrective action plans to address non-compliance issues effectively.
• Provide valuable support during compliance audits and reviews, engaging with internal and external auditors to ensure thorough assessments and timely remediation.
###### Technical Audits:
• Plan and conduct technical audits of information systems, networks, and applications to assess their alignment with security controls and industry best practices.
• Collaborate with IT teams to identify vulnerabilities, assess potential risks, and recommend remediation strategies to enhance overall security posture.
• Work alongside internal and external auditors during technical audits to provide insights into security and privacy controls.
###### Contractual Review and Negotiation:
• Comprehensively review contracts, agreements, and vendor relationships, with a keen focus on embedding the necessary security and privacy clauses to safeguard the organization's interests.
• Collaborate seamlessly with the Legal and Procurement teams to ensure contracts align with regulatory requirements and security best practices.
• Manage the legal risk register for security- and privacy-related risks.
###### Reporting and Metrics Management:
• Partner with the Security Compliance Manager to create insightful compliance reports that offer clear insights for executive management and regulatory bodies.
• Play an integral role in defining key performance indicators (KPIs) and relevant metrics, supporting their tracking and assessment to gauge the effectiveness of the compliance program.
###### Training and Knowledge Dissemination:
• Assist in the development and delivery of impactful training programs that elevate the awareness of security and privacy best practices across all levels of the organization.
• Act as a knowledgeable resource, providing guidance and assistance to employees seeking clarity on compliance-related matters.
###### Stakeholder Collaboration & Communication:
• Serve as the bridge between technical teams, the Security Compliance Manager, and business units to ensure seamless communication regarding compliance matters.
• Facilitate training and workshops to raise awareness and understanding of compliance requirements across the organization.
##### Mandatory Skills:
• Highly developed analytical skills for both qualitative and quantitative data as they relate to customer's products and services.
• Risk assessment capabilities: the ability to weigh alternatives and make decisions based on risk is critical.
• The ability to understand the risk tolerance of customer's business and processes.
• Extensive knowledge of the ISO 27001 cyber security domains.
• Extensive knowledge of GDPR and international data transfer requirements.
• Knowledge in the following areas: application security (SDLC), Business Impact Analysis (BIA), Risk Assessment (RA), security awareness training, Incident Response (IR), Security Operations Center (SOC), vulnerability management, Business Process Management (BPM/BPMN), and Identity & Access Management (IAM).
• Network security technology and architecture, such as firewalls, IDS/IPS, RADIUS, NAC, Zero Trust, and telecommunications (core networking).
• Takes a proactive approach, can communicate at all levels, and negotiate with diplomacy.
• Effectively present information, ideas, and perspective to team members and managers while clearly and willingly answering questions.
• Excellent writing skills for creating policies, procedures, and standards.
• Applies a strong teamwork ethic.
##### Required Qualifications:
• 5+ years technology experience
• 5+ years of Information Security experience
• Graduate degree in any discipline
• A minimum of 3 years' experience as a compliance officer, compliance manager, or similar position.
• Strong knowledge of industry processes and regulations.
• Outstanding communication and interpersonal abilities.
• An analytical mindset with excellent organizational skills.
##### Desired Qualifications:
• CCEP (or other CCB certification)
• CIPP
• CISSP
• CISA
• ISO 27001 lead auditor / lead implementer
• Extensive knowledge of at least the following frameworks/standards:
  • ISO 27001/27002
  • SOC 2
  • SOX
  • HIPAA / HITRUST
  • GDPR / CCPA
  • PCI DSS