Cloud GRC Analyst

The purpose of the GRC Analyst role:

Governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity.

• Governance is the combination of processes established and executed by management that are reflected in the organization's structure and how it is managed and led toward achieving business goals.
• Risk management is predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty.
• Compliance refers to adhering to the mandated boundaries (laws and regulations) and voluntary boundaries (company's policies, procedures)

The GRC function conducts recurring activities with relevant stakeholders to follow up, maintain and improve compliance with the defined control environment.

Key Responsibilities 

• The Cloud GRC Analyst role responsibilities will include: 
• Be the custodian, develop and maintain an effective policy and control framework
• Manage and lead information security governance
• Conduct internal audit review and meetings and to support external audit facilitation work covering creating audit checklist, manage audit interview with internal control owners, follow up on remediation action plan for identified findings, issue audit report.
• Managing customer assessment/questionnaires/RFP questionnaires in assisting SE and Professional Services team in revenue generating activities.
• Managing and coordinating customer audit/remote assessment for Cloud Services team
• Facilitate and own risk analysis and Cloud Services risk register
• Establish, monitor and continuously improve risk management procedures
• Provide oversight and management of review and audit finding remediation, including generating requirements for full remediationProviding feedback and suggestions on responses to findings, and tracking progress and providing status and updates to the management team

• Strong communication skills and able to keep a good relationship to internal and external stakeholders
• Strong written and verbal English communication skills
• Work independently, proactive and feel comfortable in taking difficult decisions
• Experience in developing, documenting and maintaining GRC methodologies
• Structured, analytical and persistent
• Ability to work well under minimal supervision with lots of self-drive

• Qualifications for the GRC Analyst role:
• Minimum of 3 years of work experience in a GRC or audit rolesBachelor's degree in information systems or equivalent work experience
• Strong knowledge of security management frameworks, such PCI DSS, ISO 2700x, SOC2, is a mandatory requirement. Must be able to understand the PCI DSS and ISO27001 control requirements.
• Good knowledge on Cloud based technologies especially on MS Azure and AWS
• Experience in developing, documenting and maintaining security policies, processes, procedures and standards
• Certifications like CISA, CISSP or similar are an advantage but not a requirement.

Skills and Knowledge Required

• Strong communication skills and able to keep a good relationship to internal and external stakeholders
• Strong written and verbal English communication skills
• Good report writing skills especially meeting notes, meeting minutes.
• Good analysis skills to perform preliminary gap assessment against new security framework or data privacy when required.
• Work independently, proactive and feel comfortable in taking difficult decisions
• Experience in developing, documenting and maintaining GRC methodologies
• Structured, analytical and persistent

Tungsten Automation Corporation, Inc. is an Equal Opportunity Employer M/F/Disability/Vets