Lead GRC Analyst

What will you do

• Essential Functions
• Establish and maintain security policies, standards, and controls aligned with industry frameworks (NIST, ISO 27001, PCI, SOC 2).
• Develop a metrics and reporting framework to assess the effectiveness of the security and privacy programs.
• Organize information security risk assessment process, including the reporting and oversight of treatment efforts to address negative findings.
• Assist with compliance audits and projects (SOC 1, SOC 2, ISO 27001, ISO 27701, PCI-DSS, Tx-RAMP, and other projects).
• Manage privacy program to ensure that it is in compliance with legal and regulatory requirements (GDPR, PIPEDA, CCPA, CPRA)
• Execute Privacy Impact Assessments (PIAs)
• Support in the development and implementation of a continuous controls monitoring program for security compliance and automation of manual processes.
• Monitor regulatory and industry trends to ensure required changes in compliance policies, procedures, and testing are integrated in a timely manner. 
• Assist with enterprise-wide targeted training for employee compliance with regulatory requirements
• Coordinate security incident response and resiliency activities from a compliance and governance perspective, ensuring lessons learned feed back into governance processes.
• Manage Third Party Risk Management oversight for new and existing vendors
• Support and help grow the AI Governace initiatives within the organization

What are we looking for

• Education:
• Required:  Bachelor’s Degree; Minimum 5+ years of technology project/program management.


Experience:   
• Ability to effectively work as part of a cohesive and agile team. 
• Ability to manage security audits and frameworks (e.g., PCI, ISO, SOC 1, SOC2, NIST)
• Ability to manage privacy audits and frameworks (e.g., GDPR, CPRA, CCPA, PIPEDA)
• Ability to manage AI audits and frameworks (e.g., ISO 42001)
• Ability to remain organized and to elicit cooperation from a wide variety of sources, including team members, other internal departments, and external parties.
• Ability to effectively prioritize and execute tasks in a high-pressure environment and react to project adjustments and alterations promptly and efficiently.
• Ability to exercise good judgment and discretion in confidential matters.
• Demonstrable experience interacting with auditors and strategic partners in cloud-based environments similar to Emburse, relating to assurance frameworks such as SOX, PCI DSS, ISO27001, SOC 2 Trust Principles, Business Continuity and Disaster Recovery and Third-Party Risk Management. 
• Implemented or maintained Drata (or other GRC tools)


Certifications:
• Preferred:  CISSP, CIPP/EU, CIPM, Security+, CISA, PMP

Required Skills

• Excellent analytical skills.
• Self-starter with the ability to work with minimal supervision.
• Experience working on large cross-functional teams, representing GRC on initiatives such as change management, identity and access management, policy management, and data retention.
• Strong writing skills and the ability to communicate information about complex issues to stakeholders in a clear and easy to understand way
• Ability to develop creative and adaptive solutions to unique and complex inquiries
• Unwavered by a rapid-paced working environment and meeting deadlines
• Team-focused, positive attitude, and good sense of humor