Mid-Level

GRC Analyst

Align Technology

Panama City, Panama - Remote/In-Office Hybrid
Hybrid
Posted April 23, 2026

Job Description

About the Role

The GRC analyst helps maintain A-LIGN’s management system as it relates to information security standards. In this role, you will be responsible for the coordination, maintenance, and improvement of A-LIGN’s corporate compliance program, including internal and external audits.

Reports to

Director of Compliance and Program Management

Pay Classification

Full-Time

Responsibilities 

  • Support information security compliance programs across applicable frameworks, including SOC 2, ISO 27001, ISO 42001, FedRAMP, CMMC, and NIST 800-53/171
  • Coordinate audit, assessment and testing activities with internal and external stakeholders
  • Validate identified findings and nonconformities, manage remediation tracking, monitor resolution progress, and report status to stakeholders
  • Review, update, and maintain information security documentation in accordance with applicable standards and organizational objectives
  • Keep the GRC platform (Optro) current with risk, control, and compliance data
  • Assist with the implementation and ongoing management of data loss prevention (DLP) programs, including false positive identification, policy violations, incident monitoring and response coordination
  • Support third-party risk management activities, including contractor oversight and vendor due diligence reviews
  • Assist with client-issued security questionnaires and assessments
  • Assist with risk management, vulnerability management, incident reviews, data disposal reviews, and BC/DR planning and testing
  • Monitor and track employee completion of security training and awareness programs

Minimum Qualifications

EDUCATION

  • Bachelor’s degree in Management Information Systems, Information Security, Cybersecurity, Business, or a related field, or an equivalent combination of education and experience

EXPERIENCE

  • At least 1 year of IT security, governance, risk, or compliance-related experience
  • Knowledge of security and risk frameworks
    • Preferred knowledge of SOC 2, ISO 27001, ISO 42001, FedRAMP, CMMC, NIST 800-53, NIST 800-171
  • Preferred: Knowledge of GRC tools (Optro, OneTrust, etc.)

CERTIFICATIONS

  • Preferred: CISA, CISM, Security+, CCSK, ISO Lead Auditor

SKILLS

  • Ability to meet deadlines with a high degree of motivation
  • Excellent critical thinking and problem-solving skills
  • Strong communication and organizational skills
  • Thrives in a fast-paced environment
  • Ability to work individually as well as collaboratively

Benefits

  • Employer Paid Life & Health Insurance
  • Competitive Bonus Structure
  • Home Office Reimbursement
  • Technology Allowance
  • Certification Reimbursement
  • BeneficiaT Discount Loyalty Program
  • Personalized Career Coaching
  • Generous Paid Time Off
  • Paid Office Closure December 25-January 1
  • Summer Hours

About A-LIGN 

A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com. 

Come Work for A-LIGN! 

Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on LinkedIn.  

A-LIGN is an Equal Opportunity Employer. 
