Job Description
As the Governance, Risk, and Compliance analyst, you will play a pivotal role in ensuring the information security policies and procedures are implemented and adhere to regulatory requirements, implementing effective risk management strategies, and establishing governance frameworks. This position requires a deep understanding of industry regulations and best practices, excellent communication skills, and the ability to develop and implement robust compliance programs.
- Regulatory Compliance
  - Keep up to date with relevant industry regulations and ensure the organization adheres to applicable laws and standards
  - Develop and implement compliance programs to mitigate risks associated with regulatory non-compliance
- Risk Management
  - Identify, assess, and prioritize risks associated with business operations and IT services
  - Develop and implement risk management strategies to minimize the impact of identified risks
- Governance Framework
  - Establish and maintain effective governance frameworks to ensure accountability and transparency
  - Collaborate with leadership to define and communicate governance policies and procedures
- Audit and Assessment
  - Plan and conduct internal audits to evaluate the effectiveness of governance, compliance, and risk management processes
  - Work with external auditors and regulators to facilitate external assessments
- Policy Development
  - Develop and update governance, compliance, and risk management policies to reflect industry best practices and regulatory changes
  - Ensure policies are communicated effectively and understood across the organization
Qualifications
- In-depth knowledge of IT governance, risk management and compliance principles
- Strong understanding of relevant industry regulations and standards
- Excellent analytical and problem-solving skills
- Effective communication and interpersonal abilities
- Ability to develop and maintain strong relationships with internal and external stakeholders
Education And Experience
- Bachelor’s or Master’s degree in Business, IT, Risk Management, or a related field. Education can be substituted for experience.
- 3+ years of experience in a similar role, with a focus on governance, risk management, and compliance within the IT or MSP industry.
- Relevant certifications such as CISA, CRISC, CISM, CISSP, or similar.