Description

Job Description: GRC Analyst

Zywave
Position Overview

Zywave is seeking a skilled and motivated GRC (Governance, Risk, and Compliance) Analyst to join our dynamic team. In this role, you will manage compliance frameworks, assess risks, and ensure adherence to industry standards. Your expertise will contribute to maintaining Zywave's commitment to security and regulatory excellence.
Key Responsibilities
• Develop, implement, and maintain risk and compliance management programs aligned with NIST, RMF, CSF, ISO 27001, and SOC 2 frameworks.
• Conduct regular assessments of organizational risks to ensure compliance with regulatory and internal standards.
• Respond to customer RFPs, and annual Risk Assessments
• Monitor and evaluate the effectiveness of controls and recommend improvements for operational security and compliance.
• Collaborate with cross-functional teams, including IT, Legal, and R&D, to implement security policies and procedures.
• Prepare comprehensive reports for stakeholders detailing risk assessments and compliance findings.
• Facilitate external audits and lead internal readiness assessments in maintenance of the established controls to support Zywave's compliance program.
Qualifications
• 3-5 years of experience in Governance, Risk, and Compliance, with proven expertise in frameworks such as NIST, RMF, CSF, ISO 27001, and SOC 2.
• Familiarity with PCI DSS, HIPAA, DORA a plus
• Strong analytical and problem-solving skills with the ability to assess complex organizational risks.
• Excellent verbal and written communication skills to effectively deliver findings to stakeholders.
• Ability to work independently and as part of a team in a fast-paced environment.
• Relevant certifications such as CISA, CRISC are a plus.