Park Place Technologies
Park Place Technologies is a global data center and networking optimization firm. We support your server, storage, & network environments.
Job Title: Governance Risk and Compliance Analyst
As a Governance Risk and Compliance (GRC) Analyst, you will be responsible for ensuring ISO27001 and SOC2 compliance by conducting regular assessments and audits, staying informed about US and UK regulatory requirements, and aligning organizational services with relevant standards. Additionally, you will streamline GRC activities through scripting and automation using tools like PowerShell and VS Code, leveraging DevOps Pipeline for automation efforts. Your role includes conducting internal reviews to identify risks and non-compliance, analysing information metrics, and translating insights into actionable measures. You will contribute to process improvement within the SecOps Team, evaluate third-party vendors for compliance, complete customer security surveys, and stay abreast of industry best practices and trends impacting the organization's risk stance.
Responsibilities:
* Ensure adherence to ISO27001 and SOC2 standards, conducting regular assessments, audits, and reviews to maintain compliance. Stay abreast of US and UK regulatory requirements, including GDPR, DPA 2018, NIST, DFARS, FARS, and other relevant standards.
* Develop efficient processes and automate where possible whilst streamlining GRC activities using tools such as PowerShell and VS Code.
* Conduct comprehensive internal audits and policy/process/Identity Access Management reviews to identify potential risks and areas of non-compliance.
* Prepare and organize evidence for, and participate in, annual internal and external audits of standards, including ISO 27001 and SOC2.
* Conduct regular analysis of information metrics and translate findings into actionable insights.
* Contribute to the development and enhancement of processes and procedures to strengthen security and compliance measures within the SecOps Team.
* Evaluate and review third-party vendors for compliance with security and regulatory standards.
* Complete customer security survey requirements to demonstrate the organization's ability to protect customer information.
* Remain apprised of industry best practices for IT services provided, staying informed about industry trends impacting the organization's risk stance.
Basic Qualifications:
* 1-2 years of relevant experience in IT compliance within an IT service organization focusing on working with the ISO27001 and SOC2 frameworks.
* Experience working within an auditing role.
* Strong organizational, project management, and process analysis skills.
* Ability to effectively work and interact with customers and team members.
* Ability to effectively manage multiple assignments and priorities.
* Ability to effectively communicate both orally and in writing.
* Demonstrated understanding of risk management within an Information Security Management System.
* Technical knowledge of enterprise IT systems, operating systems, and networks.
* Experience with basic scripting and query creation.
* Demonstrable understanding of global standards such as ISO9001, NIST, DFARS, FARS, GDPR, DPA 2018, and PCI-DSS.
Preferred Qualifications:
* Relevant security-related certifications are a plus: CISSP, GCIA, GSEC, GCIH, GCED, GCFA, GREM.
* Relevant certifications for risk management frameworks for IT systems.
* Relevant auditing certification for an IT-based framework.
* Experience in information technology or security desired.
* Experience with Microsoft security technologies.
* Experience in any of the following applications:
  * Rapid7 InsightVM, scripting (PowerShell, Python, etc.), Rapid7 AppSec, Bitsight, Microsoft Sentinel (SIEM), risk management tools (OnSpring), SharePoint, Power BI or other data analytics tools.