Information Technology GRC Analyst - Hybrid (Granville, OH)
We are looking for an Information Technology GRC Analyst to join our team in Granville, OH. This is a hybrid role with 2 days per week in our Granville office.
In this role, you will be responsible for implementing and managing our information security governance, risk management, and compliance program. You will perform risk assessments, audit controls, monitor compliance, and recommend improvements to our security policies and procedures.
- Develop and implement GRC strategy, frameworks, policies, and procedures aligned with regulations, best practices, and business objectives
- Conduct risk assessments to identify threats, vulnerabilities, and potential impacts; recommend risk mitigation strategies
- Create and maintain risk registers, control matrices, and other GRC documentation
- Perform audits and tests of security controls; identify control gaps and potential compliance issues
- Monitor compliance with regulations like PCI DSS, HIPAA, and internal security policies
- Prepare reports for management on security posture, risks, audit results, policy exceptions, and remediation activities
- Act as a subject matter expert on GRC best practices and technologies
- 3+ years of experience in information security operations, risk management, or auditing
- Knowledge of security regulations and frameworks such as PCI DSS, ISO 27001, and NIST
- Hands-on experience with GRC technologies and processes
- Strong analytical and problem-solving skills
- Excellent written and verbal communication abilities
- Attention to detail and organizational skills
This position offers the opportunity to take a leadership role in managing our cybersecurity GRC program. If you have a passion for risk management, compliance, and security governance, we want to hear from you!