
    GRC Analyst - Bethlehem, United States - HireRight

    HireRight
    HireRight Bethlehem, United States

    2 weeks ago

    Description

    About HireRight:

    HireRight is the premier global background screening and workforce solutions provider. We bring clarity and confidence to vetting and hiring decisions through integrated, tailored solutions, driving a higher standard of accuracy in everything we do. Combining in-house talent, personalized services, and proprietary technology, we ensure the best candidate experience possible. PBSA accredited and based in Nashville, TN, we offer expertise from our regional centers across 200 countries and territories in The Americas, Europe, Asia, and the Middle East. Our commitment to get it right every time, everywhere, makes us the trusted partner of businesses and organizations worldwide.

    Overview:

    This role is based in Poland as an Information Security GRC Analyst reporting to the Information Security GRC Audit Manager on the Governance Risk & Compliance (GRC) Team. This GRC Analyst will collaborate with process owners, internal auditors, external auditors, and other stakeholders to help review, monitor, and resolve findings. This includes helping the team manage ISO27001 and SOC 2 Compliance programs. By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001 and ISO

    Responsibilities:
    • Manage risk and vulnerability assessments, validation testing, and compliance reviews in accordance with ISO standards
    • Manage and support SOC 2 and global ISO 27001/27701 audits including gap analysis
    • Promote widespread implementation of ISO standards
    • Maintain and monitor a central repository for audit evidence
    • Ensure existing policies, procedures and controls are in compliance with applicable laws, regulations, and industry standards
    • Develop process adjustments in coordination with information technology and security teams to comply with ISO standards
    • Collaborate with other business units and stakeholders to ensure controls are adequate, appropriate, and effective
    • Manage mitigation tracking and reporting of risks and audit findings
    Qualifications:

    Education:

    • High School diploma or GED required;
    • Bachelor's degree in Computer Science, Information Systems, Risk Management or related discipline (preferred).

    Experience:

    • 5+ years of direct experience in information security, with an emphasis on risk and compliance
    • 3+ years of expertise conducting ISO 27001 and SOC 2 audits, as well as owning audit responses

    Knowledge & Skills:

    • Thorough understanding of Regulations, and Security Control sets: NIST Cybersecurity Framework (CSF), ISO27001, ISO 27701, NIST, GDPR
    • Knowledge of GRC tools and best practices (e.g., AuditBoard, ServiceNow, Archer) a plus
    • Security and Privacy controls validation experience preferred
    • General IT knowledge (architecture, networking, operations)
    • Ability to synthesize complex data, produce appropriate outcomes, and convey information designed for relevant audiences
    • Stakeholder and executive audience engagement and communication
    • Worked with common business processes and cross-departmental projects
    • Exceptional interpersonal, written, and oral communication skills
    • Certifications or other specialized training such as: Security+, ISO27001 Lead Implementer/Auditor, CISA
    What do we offer:

    HireRight offers its employees a permanent contract and a comprehensive package of benefits. From day one you will receive a training plan to get you on board quickly. Additionally, we offer:

    • Private Medical Care
    • Lunch Vouchers
    • Paid Lunch Break (30 Minutes)
    • Group Life Insurance
    • Career Path & Opportunities to Grow
    • Glasses Voucher
    • Friendly Atmosphere
    • Professional Training
    • Cafeteria of Benefits
    • Multisport
