GRC Analyst
 Vaco | |
$50.00 - $65.00 / hr
| |
 United States, Pennsylvania, Pittsburgh | |
 Jan 07, 2025 | |
|
THIS ROLE IS NOT AVAILABLE FOR C2C or VISA SPONSORSHIP We currently have a 6-month contract to hire the opportunity available for a Governance, Risk, & Compliance (GRC) Analyst with one of our local clients here in Pittsburgh. This is a hybrid role and would have some onsite requirements, so this individual must be in the Pittsburgh market. Working as an integral member of the Security & Privacy Compliance group within the Information Security team, the GRC Analyst will contribute to the continual effort of the Governance, Risk, Compliance, and Audit program. The GRC Analyst will implement, maintain, and improve policies, standards, procedures, and internal controls to assure compliance with applicable regulatory and legal requirements, and information security best practices. The GRC Analyst will be adept at conducting gap analysis, audit management, and risk assessments as it relates to Client's risk management posture. Additional GRC Analyst responsibilities require programming documentation, program leadership, and project management experience. Essential Responsibilities: Continuously improving Client's Information Security Management program. Managing the remediation of risks identified through the risk register process and contributing to the improvement of risk treatment plans and the overall risk management program. Assisting in the development and maintenance of all relevant program documentation, policies, standards, guidelines, and frameworks. Educating risk owners on risk management best practices and collaborating with key stakeholders in the development and implementation of risk controls and risk treatment plans. Assisting in the identification of risk trends by establishing and monitoring key performance and key risk indicators via risk and business impact assessments. Internally assessing, evaluating, and making recommendations regarding the adequacy of implemented security controls. Exploring opportunities to improve GRC processes through automation and continuous monitoring of information security controls, risks, and exceptions, and development of reporting metrics, dashboards, and evidence artifacts. Managing the security exception process, including the completion of security exceptions, tracking, and following up on alternative mitigating action items detailed within approved security exceptions. Coordinating and tracking security-related audits including scope of audits, stakeholder engagement, and deliverable timelines. Collaborating with teams as appropriate to keep audit focus in scope. Providing guidance, evaluation, and advocacy on audit responses. Tracking and implementing corrective action plans resulting from audit findings. Documenting and reporting control failures and gaps to stakeholders. Providing remediation guidance and preparing management reports to track remediation activities. Maintaining the vendor risk management program including vendor reviews and vendor risk assessments; improving the program with the build-out of repositories, tools, and documentation for third-party vendor risk assurance. Desired Knowledge, Skills, and Abilities: Strong understanding of fundamental information security concepts and technology. Knowledge of information security risk management frameworks and compliance practices. Knowledge of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations. Understanding technical and organizational security vulnerabilities, threats, and risks. Excellent analytical, problem-solving, and decision-making skills. Effective communication (written and verbal) and presentation skills. Strong work ethic with attention to detail. Willingness to learn and adapt as the situation arises. Skilled at applying a risk-based approach to planning, executing, and reporting on audit engagements and auditing process. An ability to effectively communicate technical issues to diverse audiences, both in writing and verbally. Ability to work with cross-functional teams across organizational and cultural boundaries to achieve policy and process compliance. Ability to develop security standards and guidelines based on best practices and industry standards. Ability to work independently and manage a fluid workload. Preferred Qualifications: 5+ years of experience in Information Technology, Security Analysis, Governance, Risk and Compliance and/or Internal Audit management. Experience working with GRC automation platforms (in particular Vanta) Experience performing information security audits or risk assessments. Experience managing compliance-driven readiness activities as well as remediation and certification efforts. (e.g., ISO 27001, HIPAA, HITRUST, SOC2, FedRAMP) Bachelor's degree in related field or equivalent work experience. ISACA or (ISC)2 Certification is a plus. Vaco values a diverse workplace and strongly encourages women, people of color, LGBTQ+ individuals, people with disabilities, members of ethnic minorities, foreign-born residents, and veterans to apply. EEO Notice
Vaco is an Equal Opportunity Employer and does not discriminate against any employee or applicant for employment because of race (including but not limited to traits historically associated with race such as hair texture and hair style), color, sex (includes pregnancy or related conditions), religion or creed, national origin, citizenship, age, disability, status as a veteran, union membership, ethnicity, gender, gender identity, gender expression, sexual orientation, marital status, political affiliation, or any other protected characteristics as required by federal, state or local law. Vaco LLC and its parents, affiliates, and subsidiaries are committed to the full inclusion of all qualified individuals. As part of this commitment, Vaco LLC and its parents, affiliates, and subsidiaries will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed to participate in the job application or interview process, to perform essential job functions, and/or to receive other benefits and privileges of employment, please contact HR@vaco.com . Vaco also wants all applicants to know their rights that workplace discrimination is illegal. By submitting to this position, you agree that you will be giving Vaco the exclusive right to present your as a candidate for the foregoing employment opportunity. You further agree that you have represented information about yourself accurately and have not affirmatively misrepresented your qualifications. You also agree to maintain as confidential, to the fullest extent permitted by law, any information you learn from Vaco about the position and you will limit disclosure of information about the position only to the extent necessary to perform any obligations in furtherance of your application. In exchange, Vaco agrees to exercise reasonable efforts to represent you through all solicitation, job screening and resume dispersal. Privacy Notice
Vaco LLC and its parents, affiliates, and subsidiaries ("we," "our," or "Vaco") respects your privacy and are committed to providing transparent notice of our policies.
Pay Transparency Notice
Determining compensation for this role (and others) at Vaco depends upon a wide array of factors including but not limited to:
With that said, as required by local law, Vaco believes that the following salary range referenced above reasonably estimates the base compensation for an individual hired into this position in geographies that require salary range disclosure. The individual may also be eligible for discretionary bonuses. | |