CGWS - COME GROW WITH US

GRC Analyst

full-time

Origin:  • 🇺🇸 United States • Utah

Job Level

Junior

Tech Stack

AWS, Cloud, SaltStack, ServiceNow

About the role

  • Evaluate and support compliance initiatives covering information security, policy, risk management, data classification, vendor management, privacy, audit, and awareness
  • Assist with implementing information security policies and documentation, assessing compliance with existing policies, and ensuring overall compliance with security-related requirements from customers
  • Perform security assessments; monitor and track compliance status; develop and improve processes, procedures, standards, and guidance
  • Provide guidance on security control implementation; implement process improvement and maturity initiatives
  • Assist in evaluating risks and controls to support NIST CSF, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HITRUST, FedRAMP, and other regulatory and compliance initiatives
  • Work with internal stakeholder teams to document the implementation of security compliance controls for technical, management, and operational requirements
  • Conduct gap analysis of current policies, procedures, and practices as they relate to established guidelines outlined by NIST, FISMA, HIPAA, and other regulatory standards
  • Conduct risk assessments of technology infrastructure and operational processes and controls for assigned areas
  • Use AI-powered platforms for continuous controls monitoring, predictive risk assessments, and identifying compliance gaps while incorporating responsible AI use into practices
  • Build and maintain the controls matrix in alignment with multiple compliance frameworks
  • Develop and maintain security documentation such as System Security Plan, Privacy Impact Assessment, Configuration Management Plan, Contingency Plan, POA&M, annual FISMA assessment, and incident reports
  • Assist in delivering and maintaining information security training and awareness programs
  • Perform vendor management/security risk assessments and interface with vendors on occasion
  • Track efforts related to threat and vulnerability assessment processes to monitor and remediate vulnerabilities in a timely manner

Requirements

  • Bachelor's degree in Computer Science, Information Technology, or related field
  • Minimum of 1 year of experience in compliance, audit, and/or information security
  • CISSP, CISA, CCSA, or equivalent certification preferred
  • Familiarity with enterprise-level compliance tools such as Drata, Vanta, ServiceNow, Archer, IBM GRC or other industry equivalent software
  • Foundational understanding and eagerness to learn FedRAMP, NIST CSF, FISMA, NIST RMF, NIST FIPS 199, ISO 27001, ISO 27018, ISO 42001, SOC 1, SOC 2, HIPAA and HITRUST
  • Basic understanding of cloud-based environments for production applications, including Amazon Web Services, Google Cloud, or other large-scale cloud deployments
  • Experience in the vulnerability assessment lifecycle from the point of identification to remediation
  • Interpersonal skills to work as a team member and as a liaison
  • Excellent verbal communication, presentation, organizational and planning skills, and great attitude and ability to learn new things quickly
  • AI curiosity and willingness to learn and use AI tools