Title:  GRC Analyst

Location: Bangalore, Karnataka, IN, 560071

Requisition ID: 32063

Job Summary

The Governance, Risk & Compliance (GRC) Analyst will focus on facilitating the review, development, implementation, and documentation of EIS security policies, procedures, processes, programs, and practices to guide the organization towards continuous compliance with ISO27001, DFARS/NIST 800-171, and GDPR framework guidelines. The analyst will work with the overall IT GRC team and the business to support process documentation and review, reporting and analytics, and to develop and maintain appropriate records in the system of record related to policy, procedures, control self-assessments, risk, etc.

Duties and Responsibilities

  • Ensures all IT policy and procedures are documented and updated according to EIS standards, deadlines are met, approvals obtained, guidelines followed, repository usage understood, and repository / system of record up-to-date as defined by the EIS Governance program
  • Engages with technical process owners to understand technical process steps, identify risk, and drive toward completed documentation that aligns with the EIS Governance and Risk Management programs
  • Functions as the EIS GRC repository system owner and SharePoint SME and trains/supports EIS team members with repository system usage, including one-on-one training and drafting training guidelines when necessary
  • Provides solutions and coordinates the execution of control mechanism/testing against technical procedures to ensure appropriate execution and that risk is mitigated to an appropriate level
  • Analyzes business problems using software, analytical tools and techniques, business process and technical knowledge, and general common sense to formulate solutions
  • Defines and delivers appropriate EIS GRC metrics, analytics, and scorecards
  • Maintains all versions and version control for all EIS GRC program documentation and pipeline with a thorough understanding of the processes and communicates the status
  • Organizes and leads EIS GRC-related meetings and prepares meeting agendas
  • Serves as an escalation point for the GRC operations team on Business Risk Analysis requests and vendor compliance surveys, and facilitates vulnerability mitigation discussions with internal and external business users
  • Interacts in both oral and written communications with all levels of technical and executive staff in matters related to information security and security awareness materials
  • Works with Internal Audit and outside consultants as appropriate on required security assessments and audits

Minimum Qualifications

  • Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field strongly preferred; equivalent combination of education and experience may be substituted in lieu of degree.
  • At least two (2) years of GRC (governance, risk, compliance) experience with methodologies, activities, tools and enablers in a technology-related industry and five (5) – seven (7) years of experience in business process analysis, project methodology, or systems development life cycle through education or on-the-job experience, required.
  • Ability to demonstrate a strong understanding of various compliance and regulatory areas (e.g., GDPR, DFARS/NIST 800-171, ISO27001) or the risk register, risk exposure, risk reporting and handling of risk events.
  • Excellent written and verbal communication skills.
  • Strong analytical and problem-solving skills.
  • Ability to work both independently and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment.
  • Ability to multi-task and prioritize tasks.
  • The ability to work well with people from many different disciplines with varying degrees of technical experience.
  • The ability to adapt to a dynamic, rapidly changing business and technical environment.
  • Ability to exercise good professional judgment.
  • Ability to maintain confidentiality.
  • Ability to oversee all aspects of projects and manage projects through the entirety of the life cycle

Preferences

  • Ability to develop security standards and guidelines based on best practices and industry standards

