Governance, Risk & Compliance Analyst (PeopleFluent) US, Remote

Job Title: Governance, Risk, and Compliance (GRC) Analyst

Job Description:

The GRC Analyst will be responsible for leading the day-to-day compliance, data governance, and risk management functions. This person should be able to understand and facilitate multi-faceted risk frameworks, assisting our business partners with making balanced decisions between risk exposure, growth, and innovation. This person should also be able to support mechanisms to proactively identify, mitigate, and monitor risks by working with many cross-functional teams within the LTG SaaS Companies.

Job Responsibilities:

• Assist with external audits for SOC 2, ISO 27001 and 27701
• Assess and track compliance with regulatory and legal requirements relevant to the business including, GDPR, CCPA, and contractual commitments
• Assess, track and ensure fulfillment of legal, regulatory, and client driven requirements relating to environmental and social responsibility compliance
• Monitor information security training and awareness across the organization
• Perform continuous monitoring, remediation, reporting escalation and resolution of security and compliance issues with appropriate leadership
• Communicate with Legal to ensure that the company meets data privacy and security requirements.
• Conduct internal security audits, risk assessments and business impact assessments.
• Work with business leaders to ensure information security risk findings are reviewed and solutions are implemented.
• Perform periodic gap assessments to validate compliance on an ongoing basis.
• Assess the security qualifications of current and potential vendors.
• Liaise with relevant parties to commission activities related to contingency planning, business continuity management, and IT disaster recovery.
• Complete security and privacy-related documentation and questionnaires to support RFP’s and customer-driven vendor risk assessments.
• Leading initiatives to fulfill Company’s Environmental, Social, and Governance commitments

Requirements: 

• Knowledge of industry security and privacy standards (including ISO 27001 and 27701, SOC 2, and GDPR) demonstrated by experience with customer and 3rd party audits.
• Baseline knowledge of risk management processes, in both a compliance and security context.
• Previous experience with internal and external audits.
• Familiarity with ISMS and security frameworks.
• Ability to make practical interpretations of regulatory and compliance requirements
• Ability to proactively identify opportunities for continuous improvement
• Strong aptitude for learning highly technical subject matter 
• Strong written and verbal communications skills, and the ability to work effectively with colleagues at all levels of the organization

Reports to: VP Information Security

We are an Equal Opportunity Employer and do not discriminate against any employee or applicant for employment because of race, colour, sex, age, national origin, religion, sexual orientation, gender identity, status as a veteran, and basis of disability or any other federal, state or local protected class.