Grc Security Analyst
Current• Participate in various department projects as a GRC representative to provide GRC guidance and interpretation of policies, standards, regulations, risks, and best practices.• Manage exception program to ensure continuous compliance of internal policies and industry control frameworks.• Evaluate exceptions via identifying the non-compliance of why an exception is needed, risk profile, identifying compensating controls to help mitigate the risk.• Work with stakeholders through the exception process including finalizing reports with recommendations based on the risk and compensating controls available.• Share finalized reports with GRC Director and CISO for their final approval of the exceptions.• Monitor and track exceptions to ensure permanent controls are put in place and work with stakeholders if an extension is needed based on business need.• Conduct thorough due diligence and vendor reviews on print partners and third-party service vendors.• Perform internal security assessment to ensure compliance to the various frameworks including SOC, ISO etc.• Create, implement, and manage policies, standards, procedures, training and communication of the new policies, standards, and procedures to support projects and adherence.• Strong understanding of various compliance and regulatory areas SOC 2 Type 2 and ISO 27001.• Managed annual cyber security and awareness training and facilitated new hires security training.• Manage risk incidents, risk register, and risk reporting.• Communicate identified risks to key stakeholders including control owners, policy, and standard owners to initiate and implement risk remediations.• Review Risk management Plans with Business Partners to ensure no violations toPHI, SPI, PI, PII and required risk treatments are in place• Perform control mappings and ensure control artifacts are documented incompliance with SOC 2 Type 2 and ISO 27001.