Senior Governance, Risk and Compliance (GRC) Analyst II
August 9
🏢 In-office - San Francisco
Description
• In support of multiple frameworks (e.g. ISO 27XXX, SOC2) plan, design and execute controls testing, controls assessment and risk management practices. • Develop and execute on dynamic risk-based information security risk management and third party risk management programs. • Execute on the risk assessment life cycle including identifying key risks, assessing risks and controls, calculating residual risk, identifying areas of improvement and collaborating with control owners on remediation plans against products, features, datasets, applications, and third parties. • Collaborate with cross-functional teams to develop and implement privacy policies, procedures, and controls to mitigate data privacy risks. • Provide expertise and guidance on data privacy laws and regulations, including GDPR, CPRA, EU AI Act and other relevant frameworks. • Design and execute strategies for ensuring organizational compliance with SOC2, GDPR, Data Privacy, federal, state, and local government compliance, or similar regulations. • Conduct impact assessments (PIAs, BIAs, AIIAs) and assist in developing strategies to address identified risks. • Conduct data classification assessments to identify and categorize sensitive information based on its level of confidentiality, criticality, and regulatory implications. • Assist with the preparation of reports and presentations for management and regulatory agencies. • Participate or lead special ad-hoc projects or initiatives as assigned.
Requirements
• Seven (7) years or more of relevant experience in risk-based technology compliance management programs, or Auditing experience • Experience in performing risk-based testing for control compliance, including the identification, assessment, and mitigation of compliance issues: understanding how to balance the company's risk appetite to compliance needs/requirements • Detailed knowledge and experience with technology controls across a variety of industry frameworks and how to assess controls supporting compliance for SOC2, FedRamp, CMMC, ISO 27001, ISO 27701, ISO 42001, CSA Star and global privacy regulations. • Detailed knowledge of information security, technology compliance management industry frameworks and standards: NIST, OWASP, SANS, ISO-27001/2. • Experience developing dynamic approaches to the implementation of a technology compliance program utilizing a variety of testing methods, both manual and automated, to provide qualitative and quantitative results where applicable • Strong analytical and problem-solving skills. • Excellent project management, written and verbal communication skills. • Ability to manage multiple priorities and deadlines. • Proven track record as a strong cross-teams collaborator and team player, dealing with complex programs and influencing cross-functional audiences. • Required to work on-site 3 days a week (Tuesday, Wednesday, Thursday) in San Francisco or 4 days a week (Monday through Thursday) in Miami. Managers may require additional on-site days.
Benefits
• Support in the development and implementation of compliance training and awareness programs • Be a trusted advisor for internal audit programs to expedite reviews and mitigate operational impacts
Apply Now
