NaphCare is searching for an experienced Senior GRC Analyst to join our team on-site at our Corporate Headquarters in Birmingham, AL 35216.
The GRC Analyst will collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving findings. This includes helping the team manage SOC 2 Compliance programs. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, SOX, and other GRC activities, the GRC Analyst will also contribute to the transformation of the company’s IT compliance program.
Responsibilities Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST standardsManage and support SOC 2Promote widespread implementation of ISO standardsMaintain and monitor a central repository for audit evidenceInform the proper stakeholders of important concerns and hazardsWork together with other stakeholders to link our corporate IT, procurement, and privacy departments with GRC objectivesMaintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertiseManage security standards, policies, and practices on an annual basis to make sure they meet corporate demandsAssist the department in responding to inquiries from the business units about ongoing operational compliance Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancementsShare information with managers to avoid surprises, draw attention to problems, and guarantee delivery on time
Education
Degree in information cybersecurity, risk management, governance, or a related field Qualifications 5+ years of direct experience in information security, with a main emphasis on risk and compliance3+ years of expertise conducting SOC 2 audits, as well as handling audit responsesThorough understanding of market structures, including relevant regulatory compliance requirements (SOC 2 , NIST, FedRamp, CMMC, GDPR, etc.)Knowledge of identity management standards, storage, and disaster recovery in the cloudKnowledge of GRC tool techniques and best practices (ServiceNow, Drata, or Vanta)Proven track record of organizing and carrying out several risk and compliance projectsAbility to successfully manage third-party audits, compile evidence, and organize audit responsesEffective written and verbal communication skills and the capability to communicate with cross-functional teamsProven analytical and problem-solving abilities for managing initiatives that advance corporate goals
Preferred Qualifications
Security+ Options ApplyApplySubmit a ReferralRefer Sorry the Share function is not working properly at this moment. Please refresh the page and try again later. Application FAQsSoftware Powered by iCIMS
www.icims.com