GRC Analyst

Position Summary: We are seeking an experienced, adaptable, highly motivated, and detail-oriented GRC Analyst to join our team. The primary responsibilities of this role include providing support for Coretek client GRC – related engagements as needed, as well as managing Coretek's governance, risk, and compliance initiatives, ensuring adherence to business, regulatory, and framework requirements. The GRC Analyst will be responsible for collaborating with individuals and teams across the organization to reduce organizational risk, facilitate continuous improvement, and foster adherence with corporate policies, processes, and standards.

• Provide program support and assistance to Coretek clients with whom Coretek has engaged for vendor risk assessment engagements and/or advisory support.
• Collaborate with teams across the organization to identify, assess, and track organizational risk for Coretek.
• Enhance Coretek’s vendor risk management program, conduct vendor risk assessments, and monitor the lifecycle of vendor-related risks.  
• Assist with completion of client due diligence questionnaires and assessments.
• Assist with the creation and maintenance of Coretek policy, process, standards, and awareness training across the organization.
• Collaborate with Human Resources to ensure that Coretek personnel are trained on relevant policies, processes, standards, and security/regulatory/privacy awareness.
• Conduct research on relevant laws and regulations that Coretek or Coretek clients must adhere to or maintain compliance with.
• Create relevant regulatory summary documents and trainings for Coretek personnel.
• Collaborate with and provide support to the Internal Audit team to ensure that Coretek remains compliant with regulatory and framework requirements.
• Monitor resolution of identified problems/issues resulting from internal or external audit findings.
• Monitor denied parties screening processes for Coretek personnel, visitors, vendors, etc. in accordance with corporate policy.
• Conduct privacy impact assessments & data protection impact assessments for the organization.
• Work with teams across the organization to ensure that privacy is factored into daily operations and decision making.
• Monitor for and respond to privacy events.
• Assist with the creation and maintenance of data flow diagrams.
• Facilitate continuous improvement for GRC initiatives.
• Monitor GRC – related objectives to ensure regular review, status updates, and completion.
• Other duties as assigned

• Minimum of 3 years prior experience in governance, risk, vendor risk, compliance, and privacy

• Degree, certification, or training in Computer Science, Information Security, Security Governance, IT Governance, Risk, Compliance, and/or Privacy
• Experience building or enhancing GRC programs
• Experience or familiarity with standards and frameworks including but not limited to: ISO 27001, ISO 27701, SOC 2 Type II, Azure Expert MSP, NIST 800-171, CMMC L2, HIPAA, and GDPR
• Experience or familiarity with GRC applications
• Proficiency in Microsoft Office Suite

Skills:

• Self-motivation
• Strong analytical, critical thinking, and problem-solving skills
• Strong attention to detail
• Adaptable with ability to thrive in a fast-paced environment
• Project and time management skills, with the ability to prioritize and manage multiple tasks and remediation projects effectively
• Excellent verbal and written communication
• Ability to work independently and as part of a team