GRC Analyst

About the Role The GRC analyst helps maintain A-LIGN’s management system as it relates to information security standards. In this role, you will be responsible for the coordination, maintenance, and improvement of A-LIGN’s corporate compliance program, including internal and external audits. Reports to Director of Compliance and Program Management Pay Classification Full-Time Responsibilities  Support information security compliance programs across applicable frameworks, including SOC 2, ISO 27001, ISO 42001, FedRAMP, CMMC, and NIST 800-53/171 Coordinate audit, assessment and testing activities with internal and external stakeholders Validate identified findings and nonconformities, manage remediation tracking, monitor resolution progress, and report status to stakeholders Review, update, and maintain information security documentation in accordance with applicable standards and organizational objectives Maintain and update the GRC platform (Optro) current with risk, control, and compliance data Assist with the implementation and ongoing management of data loss prevention (DLP) programs, including false positive identification, policy violations, incident monitoring and response coordination Support third-party risk management activities, including contractor oversight and vendor due diligence reviews Assist with client-issued security questionnaires and assessments Assist with risk management, vulnerability management, incident reviews, data disposal reviews, and BC/DR planning and testing Monitor and track employee completion of security training and awareness programs Minimum Qualifications EDUCATION Bachelor’s degree in management information systems, Information Security, Cybersecurity, Business or a related field or an equivalent combination of education and experience EXPERIENCE At least 1 year of IT security, governance, risk, or compliance-related experience Knowledge of security and risk frameworks Preferred knowledge of SOC 2, ISO 27001, ISO 42001, FedRAMP, CMMC, NIST 800-53, NIST 800-171 Preferred: Knowledge of GRC tools (Optro, OneTrust, etc.) CERTIFICATIONS          Preferred: CISA, CISM, Security+, CCSK, ISO Lead Auditor SKILLS Ability to meet deadlines with a high degree of motivation Excellent critical thinking and problem-solving skills Strong communication and organizational skills Thrives in a fast-paced environment Ability to work individually as well as collaboratively Benefits Healthcare, Dental, and Vision Benefits EAP - Employee Assistance Program Competitive Bonus Structure Home Office Reimbursement Technology Allowance Certification Reimbursement Public Transportation Card Multisport Card Personalized Career Coaching Generous Paid Time Off Paid Office Closure December 24-January 1 Summer Hours About A-LIGN  A-LIGN is the leading provider of high-quality, efficient cybersecurity compliance programs. Combining experienced auditors and audit management technology, A-LIGN provides the widest breadth and depth of services including SOC 2, ISO 27001, HITRUST, FedRAMP, and PCI. A-LIGN is the number one issuer of SOC 2 and HITRUST and a top three FedRAMP assessor. To learn more, visit a-lign.com.  Come Work for A-LIGN!  Apply online today at A-LIGN.com and learn about life at A-LIGN by following us on https://www.linkedin.com/company/a-lign/posts/?feedView=all.   A-LIGN is an Equal Opportunity Employer.  The personal data you provide to us is processed by A-LIGN Bulgaria. Your personal data is shared with employees of A-LIGN, and the candidate data retention period is 6 months. You have the right to obtain information about the processing of your personal data. In addition, you have the right to correct, to block, and to delete your data in accordance with the local laws and regulations. For more information you can visit https://www.a-lign.com/privacy-policy-job-ads Offices: (Bulgaria); Panama - Virtual (Panama);