FH Cann & Associates
GRC Analyst
FH Cann & Associates, Exeter, New Hampshire, US, 03833
Governance, Risk and Compliance (GRC) Analyst
Position Summary
The GRC Analyst supports the Governance, Risk, and Compliance (GRC) program by ensuring adherence to regulatory requirements and standards, managing risk assessments, supporting audit and assessment activities, and promoting best practices in information security, privacy, and compliance. The role involves close collaboration with stakeholders across departments to develop, implement, and maintain policies and procedures that support company objectives, regulatory compliance, and risk management.
Essential Functions
Reasonable accommodations may be made to enable individuals with disabilities to perform these essential functions.
Governance
Support the development and maintenance of GRC frameworks, including policies, standards, and procedures that promote company-wide compliance and security best practices. Assist in establishing and maintaining the company's control framework to meet industry standards and regulatory requirements. Participate in the company's internal audit program by collecting, analyzing, and categorizing evidence.
Risk Management and Assessment
Conduct regular risk assessments, identifying, evaluating, and managing risks to minimize operational and compliance exposure in support of the Enterprise Risk Management program. Assist in coordinating all internal and external audits and assessments, such as SOC 1, SOC 2, NIST SP 800-53, and ISO 9001 QMS, ensuring control compliance and risk mitigation. Monitor risk mitigation efforts and report on key risk indicators.
Compliance
Monitor and ensure compliance with relevant regulatory requirements and standards, including but not limited to NIST SP 800-53, the Gramm-Leach-Bliley Act (GLBA), PCI DSS, CCPA, and other applicable federal and state privacy regulations. Contribute to the development of GRC training workshops and policy briefs to build awareness of GRC processes and audit preparation. Support internal and external audits by collecting and reviewing artifacts and evidence and providing the necessary documentation.
Continuous Improvement
Stay current with industry trends, regulatory updates, and best practices to proactively improve GRC processes. Identify opportunities to improve GRC tools, processes, and functions and provide recommendations to management. Create and maintain positive relationships with internal and external entities.
Competencies
Customer Service: Knowledge of principles and processes for providing customer and personal services, including customer needs assessment, meeting quality standards for services, and evaluation of customer satisfaction.
Law and Government: Knowledge of laws, legal codes, court procedures, precedents, government regulations, executive orders, agency rules, and the democratic political process.
Complex Problem Solving: Identifying complex problems and reviewing related information to develop and evaluate options and implement solutions.
Active Listening: Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
Work Environment
Federal contractor call/contact center
Working from Home Requirements
Role may support remote work as needed and authorized.
Physical/Mental Demands
Physical Demands - While performing the duties of this role, an employee is frequently required to sit, talk, or hear, in person and by telephone; use hands to operate standard office equipment; reach with hands and arms. The employee is occasionally required to stand and walk and to lift and carry reports and records weighing up to 20 pounds. Specific vision abilities required by this job include close vision and the ability to adjust focus.
Mental Demands - While performing the duties of this role, employees are regularly required to use written and oral communication skills; read and interpret data, information, and documents; analyze and solve problems; observe and interpret situations; learn and apply new information or skills; perform highly detailed work on multiple, concurrent tasks; work under intensive deadlines; and interact with vendors and staff in the course of work.
Required Education and Experience
BS/BA degree and 2+ years of experience in GRC, risk management, compliance, or a similar role, or 3 years' experience in lieu of a degree.
Experience with audit frameworks and standards such as SOC, ISO, NIST, or similar.
Knowledge of GRC frameworks, risk management methodologies, and compliance standards.