Senior GRC Analyst
CGWS - COME GROW WITH US
AWSAzureCloudGoogle Cloud PlatformPMP
Governance, Risk, and Compliance Lead
Emburse
full-time
Posted on:
Origin: • 🇨🇦 Canada
Visit company websiteJob Level
Senior
Tech Stack
CloudPMPReact
About the role
- Establish and maintain security policies, standards, and controls aligned with industry frameworks (NIST, ISO 27001, PCI, SOC 2)
- Develop a metrics and reporting framework to assess the effectiveness of the security framework
- Organize information security risk assessment process, including reporting and oversight of treatment efforts to address negative findings
- Assist with compliance audits and projects (SOC 1, SOC 2, ISO 27001, ISO 27701, PCI-DSS, Tx-RAMP, and other projects)
- Manage privacy program to ensure compliance with legal and regulatory requirements (GDPR, PIPEDA, CCPA, CPRA)
- Execute Privacy Impact Assessments (PIAs)
- Support development and implementation of a continuous controls monitoring program for security compliance and automation of manual processes
- Monitor regulatory and industry trends and integrate required changes in compliance policies, procedures, and testing
- Assist with enterprise-wide targeted training for employee compliance with regulatory requirements
- Coordinate security incident response and resiliency activities from a compliance and governance perspective
- Manage Third Party Risk Management oversight for new and existing vendors
Requirements
- Bachelor’s Degree
- Minimum 5+ years of technology project/program management
- Ability to effectively work as part of a cohesive and agile team
- Ability to manage security audits and frameworks (e.g., PCI, ISO 27001, SOC 1, SOC 2, NIST)
- Ability to manage privacy audits and frameworks (e.g., GDPR, CPRA, CCPA, PIPEDA)
- Ability to remain organized and to elicit cooperation from a wide variety of sources, including team members, other internal departments, and external parties
- Ability to effectively prioritize and execute tasks in a high-pressure environment and react to project adjustments and alterations promptly and efficiently
- Ability to exercise good judgment and discretion in confidential matters
- Demonstrable experience interacting with auditors and strategic partners in cloud-based environments relating to assurance frameworks such as SOX, PCI DSS, ISO27001, SOC 2 Trust Principles, Business Continuity and Disaster Recovery and Third-Party Risk Management
- Implemented or maintained Drata (or other GRC tools)
- Certifications preferred: CISSP, CIPP/EU, CIPM, Security+, CISA, PMP
- Excellent analytical skills
- Self-starter with the ability to work with minimal supervision
- Experience working on large cross-functional teams, representing GRC on initiatives such as change management, identity and access management, policy management, and data retention
- Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way
- Ability to develop creative and adaptive solutions to unique and complex inquiries
- Team-focused, positive attitude, and good sense of humor
