Senior GRC Analyst

Summary

We are looking for a Senior GRC Analyst to structure and enhance the company's governance and information security processes. This professional will play a key role in implementing and monitoring controls required for SOC 2 Type 2 and ISO 27001 certification, ensuring compliance with industry best practices.

The primary focus will be on defining and enforcing policies, processes, and audits to strengthen corporate governance and implementing strategic KPIs for continuous monitoring.

Key Responsabilities

• Structure and implement IT governance processes, aligned with ISO 27001 and SOC 2 Type 2 standards.

• Define, review, and ensure compliance with information security and governance policies.

• Implement and monitor internal controls and audits to mitigate technology risks.

• Support the development of the Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP).

• Define and track governance and information security KPIs.

• Collaborate with the Cybersecurity team to ensure regulatory compliance and mitigate cybersecurity risks.

• Support external audits and work on remediation of identified deficiencies.

• Ensure processes comply with data privacy regulations (GDPR, if applicable).

• Implement change management practices to ensure all system and process modifications are properly documented and approved.

Skills and Qualifications

• Proven experience in IT governance and policy development.

• Proven experience in implementing ISO 27001 and SOC 2 standards.

• Advanced knowledge of ISO 27001, SOC 2 Type 2, ITIL, and COBIT.

• Experience with internal and external security audits.

• Ability to structure risk management and regulatory compliance processes.

• Capability to map and implement continuous improvements in IT operational processes.

• Experience in defining and monitoring governance and security KPIs.

Nice to have

• Certifications such as ISO 27001 Lead Implementer/Auditor, CISM, CRISC, CISSP.

• Experience in the Cloud Computing or Technology industry.

• Competitive salary and performance-based bonuses.

• Health, dental, and vision insurance.

• Professional development opportunities (training, certifications, conferences).

• A collaborative culture that values innovation and growth.