GRC Analyst - Bethlehem, United States - HireRight

    HireRight, Bethlehem, United States

    1 month ago

    Description

    About HireRight:
    HireRight is the premier global background screening and workforce solutions provider.

    We bring clarity and confidence to vetting and hiring decisions through integrated, tailored solutions, driving a higher standard of accuracy in everything we do.

    Combining in-house talent, personalized services, and proprietary technology, we ensure the best candidate experience possible.

    PBSA accredited and based in Nashville, TN, we offer expertise from our regional centers across 200 countries and territories in The Americas, Europe, Asia, and the Middle East.

    Our commitment to get it right every time, everywhere, makes us the trusted partner of businesses and organizations worldwide.


    Overview:
    This role is based in Poland as an Information Security GRC Analyst reporting to the Information Security GRC Audit Manager on the Governance Risk & Compliance (GRC) Team.

    This GRC Analyst will collaborate with process owners, internal auditors, external auditors, and other stakeholders to help review, monitor, and resolve findings. This includes helping the team manage ISO27001 and SOC 2 compliance programs by supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC 2, ISO27001 and ISO

    Responsibilities:
    Manage risk and vulnerability assessments, validation testing, and compliance reviews in accordance with ISO standards
    Manage and support SOC 2 and global ISO27001/27701 audits, including gap analysis
    Promote widespread implementation of ISO standards
    Maintain and monitor a central repository for audit evidence
    Ensure existing policies, procedures and controls are in compliance with applicable laws, regulations, and industry standards
    Develop process adjustments in coordination with information technology and security teams to comply with ISO standards
    Collaborate with other business units and stakeholders to ensure controls are adequate, appropriate, and effective
    Manage mitigation tracking and reporting of risks and audit findings


    Qualifications:

    Education:
    High School diploma or GED required; Bachelor's degree in Computer Science, Information Systems, Risk Management or related discipline.


    Experience:
    5+ years of direct experience in information security, with an emphasis on risk and compliance
    3+ years of expertise conducting ISO27001 and SOC 2 audits, as well as owning audit responses


    Knowledge & Skills:
    Thorough understanding of regulations and security control sets: NIST Cybersecurity Framework (CSF), ISO27001, ISO27701, NIST, GDPR
    Knowledge of GRC tools and best practices (e.g., AuditBoard, ServiceNow, Archer) a plus
    Security and privacy controls validation experience preferred
    General IT knowledge (architecture, networking, operations)
    Ability to synthesize complex data, produce appropriate outcomes, and convey information designed for relevant audiences
    Stakeholder and executive audience engagement and communication
    Experience with common business processes and cross-departmental projects
    Exceptional interpersonal, written, and oral communication skills
    Certifications or other specialized training such as: Security+, ISO27001 Lead Implementer/Auditor, CISA

    What do we offer:
    HireRight offers its employees a permanent contract and a comprehensive package of benefits. From day one you will receive a training plan to get you on board quickly.


    Additionally, we offer:
    Private Medical Care
    Lunch Vouchers
    Paid Lunch Break (30 Minutes)
    Group Life Insurance
    Career Path & Opportunities to Grow
    Glasses Voucher
    Friendly Atmosphere
    Professional Training
    Cafeteria of Benefits
    Multisport
