Analyst, IT Goverance, Risk and Compliance

Summary: The Analyst, IT Governance, Risk & Compliance (GRC) will support the organization's compliance and risk management initiatives, ensuring adherence to regulatory requirements and industry best practices. This role will assist in maintaining security frameworks, conducting risk assessments, and supporting ongoing compliance programs such as SOC 2 and ISO 27001. Essential Job Duties and Responsibilities: • Support the ongoing SOC 2 and ISO 27001 compliance programs, including evidence gathering, control testing, and remediation tracking. • Assist with the administration of the Vanta platform, ensuring security controls are properly mapped, automated tests are functioning, and evidence is current. • Conduct periodic risk assessments, documenting risks, evaluating impact/likelihood, and supporting mitigation planning. • Draft, maintain, and review security policies, standards, and procedures to align with regulatory requirements and industry best practices. • Support the third-party vendor risk management process, including security questionnaire reviews and vendor monitoring. • Assist with responding to client and regulatory security questionnaires. • Track compliance tasks, follow up with stakeholders, and provide status reporting to GRC leadership. • Contribute to security awareness and training initiatives, reinforcing a culture of compliance. • Stay current with evolving compliance requirements, standards, and frameworks relevant to the business. • Comply with all company policies and procedures. • Maintain regular and punctual attendance. Other Job Duties and Responsibilities: Performs other related duties as assigned. Supervisory Responsibilities: • This position is an individual contributor. Qualifications: To perform this job successfully, an individual must be able to perform each essential function satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. • Familiarity with compliance frameworks such as SOC 2, ISO 27001, and NIST. • Experience with GRC tools (e.g., Vanta, OneTrust) preferred. • Strong understanding of IT security principles, risk management, and regulatory requirements. • Excellent communication, organizational, and analytical skills. • Ability to work collaboratively across teams and manage multiple priorities. Education and/or Experience: • Bachelor's degree in Information Security, Information Technology, or related field (or equivalent experience). • 3+ years in IT security, governance, risk, or compliance roles. Certificates, Licenses, Registrations: • Certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer are a plus. Work Complexity: Problems and issues faced are general, and may require understanding of broader set of issues but typically are not complex. May require familiarity with the financial/mortgage (or job-specific) industry. Problems require understanding of other job areas. Problems are typically solved through drawing from prior experiences, with analysis of the issue. Work Environment: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. Work is normally performed in a typical interior office work environment which does not subject the employee to any hazardous or unpleasant elements. The noise level in the work environment is usually moderate. Physical Demands: The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is frequently required to sit and talk or hear. The employee is occasionally required to stand; walk; use hands to finger, handle, or feel; and reach with hands and arms. The employee must occasionally lift and/or move up to 25 pounds. Equal Employment Opportunity: The company is committed to providing equal employment opportunities to all employees and applicants without regard to race, ethnicity, color, sex, marital status, sexual orientation, gender identity or expression, pregnancy, religion, national origin, age (40 and over), disability, military status, genetic information, or any other basis protected by applicable federal, state, or local laws. Americans with Disabilities Act: Applicants as well as employees who are or become disabled must be able to satisfactorily perform the essential job functions of the position either with or without reasonable accommodation. Applicants as well as employees are encouraged to meet with Human Resources as the organization shall review reasonable accommodations on a case-by-case basis in accordance with applicable law. Job Responsibilities: The statements reflect the general duties and responsibilities considered necessary to perform the essential functions of the job and should not be considered as an all-inclusive list of all the work requirements of the position. The company may change the specific job duties with or without prior notice based on the needs of the organization. Apply tot his job