[Hiring] Senior Analyst - Information Security Governance, Risk & Compliance @Genesys

Role Description

The Information Security Governance, Risk & Compliance Analyst will play a key role as part of a group of Information Security Compliance professionals responsible for operational services related to the Information Security Compliance program, facilitating Governance, Risk, & Compliance activities related to various compliance and regulatory requirements, and working with cross-functional teams throughout the company and audit/assurance services for the implementation of security controls.

The InfoSec GRC Analyst will report to the Director of Information Security, Governance, Risk & Compliance and participate as a key member of the Information Security & Compliance Team.

Responsibilities:

• Assist in managing a compliance program for a portfolio of internal/external audits & certifications, ensuring documented and sustainable compliance practices across the company.
• Assist with the implementation and direction of compliance processes to automate and continuously monitor information security controls, exceptions, risks, testing, and evidence artifacts. Develops reporting metrics and dashboards.
• Assists control owners in defining responsibilities and control standards for regulatory and compliance goals – including but not limited to the following audits and certifications: SOX, PCI, HIPAA, SOC1/2, FED RAMP, HITRUST, ISO 27001/27017/27018, Cyber Essentials, etc.
• Map and maintain common controls framework and control scope/applicability for a portfolio of compliance initiatives and information security policies.
• Assists in the establishment of an Information Security GRC Center of Excellence by providing audit and assurance services to support a portfolio of compliance projects. Provide compliance subject matter expertise and advisory services to stakeholders/control owners.
• Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares stakeholders' reports to track remediation activities. Evaluate & report any security/compliance risks to track as part of the company risk register. Consults on developing security standards, procedures, and controls to manage risks.
• Gather requirements guide assigned controls within the centralized GRC tool & audit/certification document repository to care for compliance program information across the company. Work with business unit/product level compliance teams to strengthen and align to a shared company compliance plan and organization approach/methodologies to ensure streamlined, lean, effective, and agile processes.
• Provides dashboards and reports based on regular assessments and testing of the effectiveness and efficiency of controls.
• Perform operational activities related to the compliance program and escalate deviations when needed.
• Perform audit services including risk and gap assessments to business units as needed.
• Provide input on responses for company-wide compliance-related customer/partner/third-party requests.
• Practice Agile methodologies and promote/strengthen automation across all initiatives to promote a higher level of work quality and act as a model for others to emulate.

Qualifications

• Bachelor's Degree in Computer Science or equivalent field of study
• 5+ years of experience working with applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations
• 5+ years of experience in Information systems auditing, monitoring, controlling, and assessment process
• Demonstrate flexibility to work consistently between 8 am and 5 pm EST (6.30 PM IST to 3.30 AM IST)
• Proficiency in Risk assessment and direction methodology
• Proficiency in working with recognized IT Security-related standards and technologies.
• Ability to function effectively within cross-functional and interdisciplinary teams to achieve tactical and strategic goals. This is a highly responsible position that requires both quantitative and interpersonal skills.
• Demonstrated project management, organizational, and facilitation skills.
• Excellent communication and presentation skills. Demonstrated ability to serve as an effective member of the InfoSec GRC team and ability to communicate security-related concepts to a broad range of technical and non-technical management and staff.
• High level of personal integrity, and the ability to professionally handle confidential matters and exude the appropriate level of judgment and maturity.
• ISO LA, PCI QSA, CISSP, CISM, CISA, ITIL, or GIAC certifications desired.

Benefits

• Great benefits and perks like larger tech companies
• Independence to make a larger impact on the company
• Ownership of work