GRC Analyst - Compliance

Security

Uniwersytecka 18, Katowice

Hire Right

Full-time
Permanent
Mid
Hybrid

Tech stack

  • English: B2

  • Cybersecurity: advanced

  • Compliance: advanced

  • CSF: regular

  • GRC: regular

  • ISO: regular

Job description

About HireRight

HireRight is the premier global background screening and workforce solutions provider. We bring clarity and confidence to vetting and hiring decisions through integrated, tailored solutions, driving a higher standard of accuracy in everything we do. Combining in-house talent, personalized services, and proprietary technology, we ensure the best candidate experience possible. PBSA accredited and based in Nashville, TN, we offer expertise from our regional centers across 200 countries and territories in the Americas, Europe, Asia, and the Middle East. Our commitment to get it right every time, everywhere, makes us the trusted partner of businesses and organizations worldwide.


Overview

This role is based in Poland and reports to the Manager, Information Security GRC. The analyst will assist in managing all aspects of information security compliance, risk management and operational monitoring to ensure that the organization's information security policies and procedures are implemented and well documented. Additionally, the position will support the full lifecycle of compliance audits and ensure that compliance issues are identified and remediation plans are formalized in a timely fashion.



Responsibilities

  • Independently evaluates and analyzes issues and recommendations for process improvements that mitigate risk, brings programs and operations into compliance with the goals and objectives of the Information Security Program, and communicates results to management and other key stakeholders.

  • Takes a lead role in supporting the SOC 2 and global ISO 27001/27701 audits, including gap analysis.

  • Assists in developing and administering ongoing IT compliance monitoring and governance activities.

  • Collaborates with other business units and stakeholders to ensure controls are adequate, appropriate, and effective.

  • Advises internal business clients on the effectiveness of corrective action plans in the event of non-compliance or detected vulnerabilities in the environment.

  • Ensures existing policies, procedures and controls comply with applicable laws, regulations, and industry standards.

  • Contributes to project requests from functional teams to increase operational efficiency, strengthen the IT environment, and help meet the company's internal and external regulatory or compliance requirements.

  • Performs ad-hoc compliance requests or additional duties as assigned.



Education:

  • BS or BA in Information Technology, Computer Science or other related Business/Technology/Analytical studies

  • CISSP, CISA, CISM, CRISC, CPP (ASIS), ISO 27001 Lead Auditor, or similar certification

  • Prior experience conducting internal risk assessment workshops and providing guidance to functional teams on the implementation, monitoring, and reporting of appropriate risk treatment measures to drive conformity with policies and procedures and establish effective internal controls processes

Experience:

  • 3-5 years of progressive experience in information security, with an emphasis on risk and compliance

  • 2-3 years of experience coordinating ISO 27001 and SOC 2 audits, as well as owning audit responses

Knowledge & Skills:

  • Thorough understanding of regulations and security control sets: NIST Cybersecurity Framework (CSF), ISO 27001, ISO 27701, NIST, GDPR

  • Knowledge of GRC tools and best practices (e.g., AuditBoard) a plus

  • Security and Privacy controls validation experience preferred

  • General IT knowledge (architecture, networking, operations)

  • Ability to synthesize complex data, produce appropriate outcomes, and convey information designed for relevant audiences

  • Stakeholder and executive audience engagement and communication

  • Experience with common business processes and cross-departmental projects

  • Exceptional interpersonal, written, and oral communication skills

  • Certifications or other specialized training such as Security+, ISO 27001 Lead Implementer/Auditor, CISA



What we offer

HireRight offers its employees a permanent contract and a comprehensive package of benefits. From day one you will receive a training plan to get you on board quickly. Additionally, we offer:

  • Private Medical Care

  • Edenred card

  • Lunch Vouchers

  • Paid Lunch Break (30 Minutes)

  • Social Fund (Holiday Allowance, Glasses Voucher)

  • Bonus Plans

  • Group Life Insurance

  • Career Path & Opportunities to Grow

  • Professional Training

Please submit resume/CV in English.

All resumes are held in confidence. Only candidates whose profiles closely match the requirements will be contacted during this search. HireRight does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of HireRight, and HireRight will not be obligated to pay a placement fee.

Published: 10.10.2025