Governance, Risk & Compliance Analyst

For over 25 years, Computer Design & Integration (CDI) has helped companies both large and small advance their corporate strategies with the integration of best-of-breed technology solutions. Employing a “Change or Die” mentality, we continue to innovate and grow in a time of transformation within the IT industry. The rate of change is exponential, and the complexity of business requirements is growing at a similar rate. We’re looking to hire individuals that are high-performers and seeking to work in a fun, fast-paced, dynamic, and client outcome-focused environment.

There is no more exciting place to be than where people are shaping the future and improving the way the world works. Come join CDI and help us help our clients use technology to become the business leaders of the 21st century. At CDI, we enjoy the challenges of working at the speed of business – where offering premier B2B service is the starting point, but where personal contribution makes all the difference.

Position Overview

The Governance Risk and Compliance Analyst reports to the Director, Security Operations and is responsible for the day-to-day monitoring and management of GRC activities & deliverables. You will need to confidently perform third-party security vendor diligence, liaising with both internal and external business stakeholders to perform assessments and identify risk. Working closely with compliance, technology teams, and the wider business to manage and mitigate security and technology risk.

Your responsibilities will include maintaining and improving our InfoSec ISMS, policies, standards, and processes. You should also ideally have knowledge of governance standards and frameworks such as ISO 27001, NIST, and GDPR.

Job Function & Responsibilities

• Support the development, maintenance & management of policies, procedures and controls that align with industry standards and regulatory requirements.
• Support the management and development of programs to ensure that technology systems align with business objectives, are compliant with relevant legal and regulatory requirements and are compliant with Information Security & Data Protection policies and standards.
• Support the development and maintenance of an Information Technology risk management framework that identifies and assesses risks associated with our technology systems and develops strategies to mitigate those risks. Contribute to risk assessments and support the development of risk management plans to mitigate risks.
• Support the development and delivery of training programs to increase awareness of information security and compliance requirements and best practices.
• Collaborate with legal and audit teams to ensure group compliance with regulatory and legal requirements.
• Assist in conducting technology compliance assessments and audits, monitor compliance metrics to identify areas of non-compliance and develop corrective actions.
• Serve as a subject matter expert on compliance-related matters and provide guidance to internal teams on regulatory compliance issues, participate in steering committee activities related to GRC, partnering with other respective compliance stakeholders, provide guidance and support to business units on compliance and risk management matters.
• Maintain relationships with internal stakeholders, external partners, and regulators to ensure ongoing compliance.
• Support the management of internal and external audits and assessments and develop and implement corrective action plans as needed.
• Monitor and review regulatory changes and industry trends to ensure GRC programs remain effective and relevant.
• Utilize GRC toolsets to support the management of GRC activity across the group.
• Perform security and compliance assessments on new and existing systems, processes & technology.
• Support and assist in the management of our IT/InfoSec risk register.
• Perform periodic gap assessments to validate compliance on an ongoing basis.
• Support daily activities and health checks for GRC activity.
• Produce reporting/management information based on GRC monitoring activities including metrics & KPI’s utilize these metrics to track security program effectiveness and to report risk.
• Support the monitoring of performance on recurring internal assessment activities.
• Other duties as assigned.

Desired Qualifications & Experience

• At least 3 years of experience in risk and compliance management
• Knowledge of regulatory requirements and industry standards such as GDPR, CCPA, SOX, PCI, etc.
• Strong communication, collaboration, and leadership skills
• Experience contributing to implementing successful GRC programs and driving change in an organization.
• Strong analytical and problem-solving skills and effective communication and interpersonal skills, with the ability to collaborate effectively with stakeholders at all levels of the organization.
• Experience supporting the development and implementation of GRC programs, policies, procedures, and controls.
• Experience supporting the conducting of risk assessments and the development of risk management plans.
• Professional certification in relevant areas such as CISA, CRISC, CGRC or similar are highly preferred.
• Ability to travel as needed.

Physical Requirements

• Ability to safely and successfully perform the essential job functions consistent with the ADA, FMLA and other federal, state, and local standards, including meeting qualitative and/or quantitative productivity standards.
• Ability to maintain regular, punctual attendance consistent with the ADA, FMLA and other federal, state, and local standards.
• Must be able to lift and carry up to 25 lbs.
• Must be able to talk, listen and speak clearly on telephone.

Benefits

CDI offers a competitive compensation package that rewards and recognizes its employees. The benefits package includes:

• Medical
• Dental
• Vision
• Health Savings Account/Flexible Spending Accounts available
• Company Paid Life Insurance
• Company Paid Accidental Death and Dismemberment
• Company Paid Short & Long Term Disability
• Accident, Specified Disease and Hospital Indemnity Insurance
• Legal & Identity Theft Protection
• Pet Insurance
• Employee Assistance Program
• 401K with Match
• Flexible Paid Time Off
• 12 Company Paid Holidays

#LI-Remote