GRC Analyst
LanceSoft - Detroit, Michigan, United States, 48228
Overview
The Governance Analyst will assist in executing the security framework compliance/governance activities and requirements. Day-to-day responsibilities also include documenting adherence to governance requirements across policies/standards, procedures, controls, compliance, and training and awareness, and preparing metrics/KPIs and reporting materials.

Required Skills:
- At least three to five years of work experience in IT compliance, IT assessments, and/or IT audit, as well as knowledge and understanding of governance, risk, and compliance
- Knowledge of security and risk frameworks, standards, and best practices (e.g., HITRUST CSF, NIST CSF, ISO/IEC 27001, COBIT)
- Self-starter with effective written and verbal communication skills along with strong critical thinking skills
- Evaluate the design and operating effectiveness of Business/IT operations against the HITRUST CSF and identify areas of improvement
- Interview SMEs, examine evidence documentation, analyze and perform testing
- Learn the company functions/processes by conducting process walkthroughs
- Analyze root cause of issues, and provide recommendations for process improvements and risk mitigation based on assessment findings
- Collaborate with cross-functional teams to mitigate risks and ensure compliance with HITRUST CSF
- Deliver effective and concise documentation that meets HITRUST quality standards
- Prepare and provide reporting, such as dashboards and metrics, on various areas of performance, issue analysis and assessment statuses
- Utilize GRC tools to effectively manage assessment remediation plans and documentation
- Serve as a HITRUST subject matter expert

Education & Certifications
- Undergraduate university degree (4-year) preferred but not required.
- Experience in information security, IT general controls, IT compliance, IT assessments and/or IT audit.
- Certified Information Systems Security Professional (CISSP), CISA, CPA/CA, CISM or other equivalent professional certification preferred but not required.