IT GOVERNANCE, RISK MGMT & COMPLIANCE ANALYST
Share
Job Location:
Orlando, FL - USA
Monthly Salary:
Not Disclosed
Posted on:
20 hours ago
Vacancies:
1 Vacancy
Job Summary
IT GOVERNANCE RISK MGMT & COMPLIANCE ANALYST
General Description:
The IT Governance Risk & Compliance (GRC) Analyst supports the organizations IT governance cybersecurity risk management and compliance programs. This role assists with policy development control monitoring risk assessments audit activities and ongoing compliance initiatives. The GRC Analyst works closely with IT teams Security Operations Internal Audit and business stakeholders to help maintain a strong security posture reduce risk exposure and ensure adherence to regulatory and corporate requirements.
Essential Duties and Responsibilities:
Governance Support
Assist in maintaining IT policies standards and procedures.
Help track compliance with IT governance frameworks such as NIST CSF ISO 27001 COBIT and SOC 2.
Participate in documenting IT processes workflows and control activities.
Support the creation of reports and dashboards for leadership on IT controls risks and compliance status.
Risk Management
Participate in IT risk assessments for systems vendors and new projects.
Track identified risks and help ensure mitigation actions are documented and completed.
Assist in maintaining the IT risk register and risk scoring documentation.
Support vendor risk management activities including collecting security questionnaires SOC reports and compliance evidence.
Compliance & Audit Support
Collect evidence for internal and external audits including SOX ITGC testing cybersecurity audits and regulatory reviews.
Conduct periodic control testing to confirm controls are operating effectively.
Document findings assist in remediation tracking and support improvement of control processes.
Monitor compliance with regulatory requirements (e.g. SOX HIPAA PCI-DSS GDPR/CCPA depending on industry).
Cybersecurity & IT Controls
Assist in maintaining IT general controls (access management change management backup controls etc.).
Support continuous monitoring of security and compliance controls.
Help identify control gaps and propose improvements to enhance security and compliance posture.
Awareness & Training Support
Help prepare materials for cybersecurity awareness governance training and compliance communications.
Collaborate with departments to promote adoption of governance and security best practices.
Supplemental Information:
This job description has been prepared to indicate the general nature and level of the work that the employees perform within their classification. This description is not and cannot be interpreted as an inventory of all the duties tasks responsibilities and qualifications required for the employees assigned to this job.
Education and / or Experience:
Required:
- Bachelors degree in Information Technology Cybersecurity Business or related field preferred.
- 1 3 years of experience in IT security IT audit risk management or compliance (or strong internship/entry-level experience).
- Familiarity with security frameworks such as NIST ISO 27001 or SOC 2 is a plus.
- Experience with audit activities or IT controls is beneficial.
- Understanding of IT general controls and basic cybersecurity concepts.
- Strong analytical documentation and organizational abilities.
- Ability to interpret policies procedures and regulatory requirements.
- Excellent written and verbal communication skills.
- Experience with GRC platforms (e.g. ServiceNow GRC Archer OneTrust) is a plus.
- Ability to work independently and collaboratively in a fast-paced environment.
Preferred:
- Security
- CISA (entry-level knowledge acceptable)
- CRISC (optional)
- ISO 27001 Foundations
- Any introductory cybersecurity or auditing certification
Key Skills
- ISO 27001
- Microsoft Access
- Risk Management
- Financial Services
- PCI
- Risk Analysis
- Analysis Skills
- COBIT
- NIST Standards
- SOX
- Information Security
- Data Analysis Skills
