At Armanino, you determine your career path. This means it's possible to pursue challenges you are passionate about, in industries you care about.
Armanino is proud to be among the top 20 Largest Accounting and Consulting Firms in the Nation and one of the Best Places to Work. We have a community of resources that are ready and willing to support your ideas, build your skills and expand your professional network. We want you to integrate all aspects of your life with your career. At Armanino, we know you don’t check out of life when you check in at work. That’s why we’ve created a unique work environment where your passions, work, and family & friends can overlap. We want to help you achieve growth by giving you access to a network of smart and supportive people, willing to listen to your ideas.
As a key member of the IT Team, the Senior Cybersecurity GRC Analyst will collaborate with process owners, internal auditors, external auditors, and other stakeholders to assist in reviewing, monitoring, and resolving findings. This includes helping the team manage ISO 27001, QM, SOC, and related compliance programs. The Cybersecurity GRC Analyst will support the implementation of internal and external assessments, respond to and manage the entire lifecycle of compliance audits, and ensure compliance with existing and emerging regulations and standards, including ISO 27001, SOC, PCI, SOX, and other GRC activities. This role will also contribute to the transformation of the company’s IT compliance program and involves working closely with cross-functional teams to ensure compliance with regulatory requirements, internal policies, and industry best practices.
Job Responsibilities:
- Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST standards.
- Manage and support SOC, QM, and global ISO 27001 audits.
- Promote widespread implementation of ISO 27001 standards.
- Maintain and monitor a central repository for audit evidence.
- Conduct and report risk and readiness assessments for management and provide recommendations for mitigation.
- Work together with other stakeholders to link our enterprise IT, procurement, and privacy departments with GRC objectives.
- Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise.
- Manage security standards, policies, and practices on an annual basis to make sure they meet firm demands.
- Assist the team in responding to inquiries from the business units about ongoing operational compliance.
- Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements.
- Strong analytical and problem-solving skills.
- Excellent communication, interpersonal skills, and effective writing skills, especially in providing root cause analysis.
- Ability to work independently and as part of a team.
- Identify opportunities for improving IT services and processes to support global teams better.
Requirements:
- Bachelor’s degree in business with an emphasis in information technology, or equivalent experience in place of a degree; preferably in information security, risk management, governance, or a related field.
- Minimum 5 years of direct experience in information security, with a main emphasis on risk and compliance.
- Minimum 3 years of expertise conducting ISO 27001 and SOC audits, as well as handling audit responses.
- Thorough understanding of market structures, including relevant regulatory compliance requirements (ISO 27001, SOC, NIST, CPRA, FedRAMP, CMMC, PCI, GDPR, etc.).
- Knowledge of identity management standards, storage, and disaster recovery in the cloud.
- Knowledge of GRC tool techniques and best practices.
- Proven track record of organizing and carrying out several risk and compliance projects.
- Ability to successfully manage third-party audits, compile evidence, and organize audit responses. Stay updated with industry trends and best practices to continuously improve support processes.
- This role requires flexibility to work during IST business hours with occasional adjustments to support other time zones.
Armanino provides equal employment opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability or genetics. In addition to federal law requirements, Armanino complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Armanino expressly prohibits any form of workplace harassment based on race, color, religion, gender, sexual orientation, gender identity or expression, national origin, age, genetic information, disability, or veteran status. Improper interference with the ability of Armanino employees to perform their job duties may result in discipline up to and including discharge.
Armanino does not accept unsolicited candidates, referrals, or resumes from any staffing agency, recruiting service, sourcing entity, or third-party paid service at any time. Any referrals, resumes, or candidates submitted to Armanino or any employee or owner of Armanino without a pre-existing agreement signed by both parties covering the submission will be considered the property of Armanino and not subject to any fees or charges. For existing agreements, a role must be approved and open to external search; otherwise, unsolicited and unapproved submittals and referrals will be considered Armanino property and free of fees. In addition, Talent Acquisition is the sole point of contact, and contacting others in our organization without Talent Acquisition’s knowledge will result in termination of contract.
Armanino has a robust offering of benefits, including:
- Medical, dental, vision
- Generous PTO plan and paid sick time
- Flexible work arrangements
- 401K with Profit Sharing
- Wellness program
- Generous parental leave
- 11 paid holidays
For positions based in San Francisco, consistent with the SF Fair Chance Ordinance, an arrest and conviction record will not automatically disqualify a qualified applicant from consideration.
For individuals who would be working within the City of Los Angeles, Armanino will consider for employment all qualified applicants, including those with criminal histories, in a manner consistent with the requirements of applicable state and local laws, including the City of Los Angeles’ Fair Chance Initiative for Hiring Ordinance.
To view our Consumer Notice at Collection for job applicants, please visit: https://www.armanino.com/terms/ccpa-employee-notice/