Governance Risk and Compliance Analyst
: Job Details :

Description The GRC Analyst is responsible for supporting the Governance, Risk, and Compliance (GRC) program by ensuring adherence to regulatory requirements and standards, managing risk assessments, assisting and supporting audit and assessment activities and promoting best practices in information security, privacy and compliance. This role involves close collaboration with stakeholders across various departments to develop, implement, and maintain policies and procedures that support company objectives, regulatory compliance, and risk management.Governance

• Support the development and maintenance of GRC frameworks, including policies, standards, and procedures to promote company-wide compliance and security best practices.
• Assist in establishing and maintaining the company's control framework to meet industry standards and regulatory requirements.
• Participate in the company's internal audit program, collect, analyze and categorize evidence.

Risk Management & Assessment

• Conduct regular risk assessments, identifying, evaluating, and managing risks to minimize operational and compliance risks in support of the Enterprise Risk Management program.
• Assist in the coordination of all internal and external audits and assessments such as SOC 1, SOC 2, NIST 800-53, and ISO 9001 QMS, ensuring control compliance and risk mitigation.
• Monitor risk mitigation efforts and report on key risk indicators.

Compliance

• Monitor and ensure compliance with relevant regulatory requirements and standards including but not limited to NIST SP 800-53, Gramm-Leach-Bliley Act (GLBA), PCI-DSS, CCPA, and other applicable federal and state privacy regulations.
• Contribute to the development of GRC training workshops and policy briefs to ensure awareness of GRC processes and audit preparation.
• Support internal and external audits by collecting and reviewing artifacts and evidence and providing necessary documentation.

Continuous Improvement

• Stay current with industry trends, regulatory updates, and best practices to proactively improve GRC processes.
• Identify opportunities for improvement to GRC tools, processes and functions and provide recommendations to management.
• Create and maintain positive relationships with internal and external entities.

Position Requirements Competencies

• Customer Service - Knowledge of principles and processes for providing customer and personal services. This includes customer needs assessment, meeting quality standards for services, and evaluation of customer satisfaction.
• Law and Government - Knowledge of laws, legal codes, court procedures, precedents, government regulations, executive orders, agency rules, and the democratic political process.
• Complex Problem Solving - Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
• Active Listening - Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.

Work Environment

• Federal contractor call/contact center

Working from Home Requirements

• Role may support remote work as needed and authorized.

Physical/Mental Demands

• Physical Demands - While performing the duties of this role, an employee is frequently required to sit, talk, or hear, in person and by telephone; use hands to operate standard office equipment; reach with hands and arms. The employee is occasionally required to stand and walk and to lift and carry reports and records weighing up to 20 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.
• Mental Demands - While performing the duties of this role, employees are regularly required to use written and oral communication skills; read and interpret data, information, and documents; analyze and solve problems; observe and interpret situations; learn and apply new information or skills; perform highly detailed work on multiple, concurrent tasks; work under intensive deadlines; and interact with vendors and staff in the course of work.

Required Education and Experience

• BS/BA Degree and 2+ years of experience in GRC, Risk Management, Compliance, or a similar role or 3 years' experience in lieu of degree.
• Experience with audit frameworks and standards, SOC, ISO, NIST, or similar.
• Knowledge of GRC frameworks, risk management methodologies, and compliance standards.
• Strong analytical, organizational, and problem-solving skills.
• Excellent written and verbal communication skills with the ability to work cross-functionally.
• CISA, GRCP, or similar certification in GRC, audit or compliance preferred.

• Experience with protection requirements for handling and safeguarding sensitive information in both government and private sectors.
• Ability to manage time, make sound decisions, take independent action, analyze problems, and provide focused solutions.
• Must have a professional demeanor, people skills, ability to communicate effectively, and be able to perform in a multi-tasked, dynamic environment.
• Superior organizational skills.
• Proficient in MS Office Suite.
• Must be able eligible for or have an active Security Clearance. (United States Citizenship requirement.

Work Authorization/Security Clearance Requirements

• Must be able to pass Federal background screening and/or state level criminal background screening.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.An Affirmative Action / Equal Opportunity EmployerF.H. Cann provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. As a Federal Contractor, we encourage priority referral of protected veterans under VEVRAA. F.H. Cann provides reasonable accommodation for individuals protected by section 503 of the Rehabilitation Act of 1973, VEVRAA and the ADA.If you need an accommodation as part of the employment process, please contact Human Resources at ...@fhcann.com.If you want to view the Know Your Rights poster, please choose your language: English SpanishIf you want to view the Pay Transparency Policy Nondiscrimination Provision, please choose your language: English SpanishFull-Time/Part-Time Full-Time EOE Statement F.H. Cann & Associates Inc. provides equal employment opportunities to all employees and applicants for employment without regard to race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, handicap, veteran status and all other applicable protected classes. As a Federal Contractor, we encourage priority referral of protected veterans under VEVRAA. F.H. Cann & Associates Inc. provides reasonable accommodation for qualified individuals protected by section 503 of the Rehabilitation Act of 1973, VEVRAA and the ADA in accordance with applicable law.If you need accommodation as part of the employment process, please contact Human Resources at ...@fhcann.com.Division Corporate Exempt/Non-Exempt Exempt Location Remote Category Information Technology Shift Days Position Governance Risk and Compliance Analyst Req Number INF-24-00006 Open Date 10/31/2024 This position is currently accepting applications.