[Remote] GRC Analyst

Note: The job is a remote job and is open to candidates in USA. Direct Travel is a leading provider of corporate travel management services, offering customized travel programs for over 40 years. They are seeking a detail-oriented Governance Risk and Compliance (GRC) Analyst to manage Security & Compliance risk, conduct audits, and improve the security posture of the company.

Responsibilities

• Conducts audits of internal information security, compliance and privacy processes
• Ensures timely resolution to all audit and risk assessment findings or issues
• Manages OneTrust GRC reporting portal
• Appropriately communicates audit reports, gaps or recommendations to company management, and tracks any open concerns or questions to resolution
• Identifies potential technologies, processes or solutions that could improve the security posture of the company
• Contributes to the development of security standards, access controls, and compliance requirements of applications, network infrastructure, servers and workstations
• Serves as subject matter expert regarding information security and compliance policy
• Maintains awareness of current and emerging threat landscapes
• Assists in reporting security & compliance metrics to management
• Supports additional audit and governance functions as assigned
• Earns the trust and respect of the Direct Travel team
• Grows into a role with increasing responsibility

Skills

• Direct experience with achieving successful annual PCI Compliance, SSAE18 SOC 2 attestations and/or ISO 27001 certifications
• 1-3 years of experience leading information security audits with a preference for IS0 27001 and SOC 2 audits or assessments
• 1-3 years of experience as an IT, security or compliance analyst, with experience developing security strategy and policy
• Experience authoring policies and procedures
• Solid knowledge of ISO 27001, NIST 800-53, NIST 800-171, NIST CSF
• Experience with full Governance, Risk Management and Compliance Lifecycle
• Personal integrity
• Self-motivated, self-disciplined, and self-governed. You hold yourself to a higher standard than others
• Highly consultative and collaborative nature
• Excellent communications and presentation skills, with the ability to convey complex technology concepts to non-technology stakeholders
• The discipline to work effectively from remote location
• Degree in computer science, information systems, information security, or a related discipline. Equivalent work experience will also be considered
• Experience with Payment Card Industry (PCI) Compliance
• Excellent analytical and stakeholder engagement skills
• Strong organization and planning skills
• Successfully pass background check
• Must be able to lawfully work within the US and have unrestricted work authorization for US
• Ability to travel up to 15% if required

Benefits

• Medical, Dental, and Vision benefits
• Employee rewards and recognitions program
• Total Rewards Package which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support

Company Overview