Governance, Risk & Compliance Analyst
Are you ready to join the GRC team for a global cloud solutions provider? We are looking for a motivated individual contributor who can help take the Trintech compliance program to the next level by improving and expanding our compliance footprint and increasing customer confidence through the Customer Audit Experience. The candidate must possess practical knowledge of and experience with compliance and security framework standards such as SOC, NIST, ISO 27001, and HIPAA regulations, while also having a basic technical understanding of cloud services provider (SaaS) principles. They must also have knowledge of audit processes and IT security risk assessment programs and be capable of articulating general IT security policies, processes, and technical controls to others.
- Collaborate with different departments on the analysis of, response to, and documentation packages for Due Diligence Questionnaires (DDQs) and risk questionnaires as required by clients of Trintech business units.
- Provide appropriately detailed and timely follow-up support to customers.
- Foster relationships with security, software engineering, legal, and business stakeholders to strengthen security governance and risk management.
- Facilitate HIPAA, SOC1, SOC2, and ISO 27001 audit engagement, data/artifact collection, exception remediation, and monitoring.
- Provide support and contribute to Trintech’s GRC programs such as: Policy Management, Risk Management, Third Party/Vendor Management, Compliance Management, and others.
- Contribute to the execution of the overall security governance and risk management program.
- Assist with the development of audit reports and summarize them to facilitate remediation tasks for other IT operational teams.
- Contribute to the maintenance and updating of the library of information security control policies and standards based on ISO 27001 and other industry best practices.
- Maintain awareness of changes or updates to security control frameworks, compliance laws, and statutes, and identify the impact on the business and its security posture.
- Conduct or participate in cross-training sessions with the Security Operations team in the management and configuration of security tools and technical controls.
- Provide updates, status, and completion information to leadership.