We are looking for a motivated Junior GRC Analyst to support our cybersecurity compliance efforts. The ideal candidate will have a foundational understanding of compliance frameworks such as ISO 27001. This role involves assisting in documentation preparation, SOP creation, and supporting various compliance initiatives within the organization. The Junior GRC Analyst will work closely with senior team members to gain hands-on experience in governance, risk management, and compliance processes.
Key Responsibilities
- Assist in preparing evidence for compliance audits related to ISO 27001:2013 and its transition to ISO 27001:2022 by gathering necessary documentation and ensuring accuracy.
- Support the development of SOPs into a unified format by collaborating with team members to standardize processes across departments.
- Understand and be able to create a unified controls framework based on different frameworks and standards.
- Have deep knowledge of various standards, frameworks, laws, and regulations, and be able to reason about and understand the requirements of the relevant controls and clauses.
- Knowledge of and 3+ years of specific hands-on experience with GRC compliance tools in the market.
- Participate in various audit and compliance requirement activities such as access reviews by evaluating user permissions against the established security policies and helping identify any discrepancies or areas for improvement.
- Help draft necessary documentation for compliance initiatives by compiling information from various sources and ensuring clarity in communication.
- Assist in training staff on GRC policies and procedures by contributing to training materials and participating in training sessions as needed.
- Conduct comprehensive risk assessments to identify, assess, and prioritize risks that could impact business operations, ensuring alignment with GRC frameworks.
- Collaborate with team members to gather information on current processes and suggest improvements based on industry best practices.
- Monitor the effectiveness of risk management strategies and make recommendations for improvements.
- Conduct research on industry trends related to governance, risk management, and compliance to support ongoing improvement efforts within the organization.
Qualifications
- Bachelor's degree in Information Technology, Cybersecurity, or a related field; relevant certifications (e.g., ISO 27001 Lead Implementer, CompTIA Security+, GRCP) are preferred. Equivalent work experience may be considered.
- Minimum of 4-5 years of experience in GRC roles with a strong focus on cybersecurity compliance frameworks.
- Strong ability to conduct risk assessments, audits, and internal assessments across various compliance frameworks.
- Strong organizational skills with attention to detail; ability to manage multiple tasks simultaneously while maintaining accuracy.
- Excellent written and verbal communication skills; ability to convey complex information clearly.
Work Environment
Candidates will work within a collaborative team environment that encourages learning and professional development opportunities in cybersecurity. This role offers a unique opportunity to gain valuable experience in governance, risk management, and compliance while contributing to the organization's overall security posture.
This job is provided by Shine.com