Address
Form of workThe Senior Governance, Risk, and Compliance Analyst (GRC) is responsible for assessing and documenting the CAMP’s compliance and risk posture as they relate to its information assets.
The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; controls design, development and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
Responsibilities:- Lead the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Internally assess, evaluate and make recommendations to management regarding the adequacy and effectiveness of the security controls.
- Develop and implement effective policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant certification, legislation and legal interpretation.
- Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors, PCI, SOX, SOC2, NIST-CSF, ISO 27001, FAR/DFAR etc.
- Work with Internal Audit, external auditors (3rd parties), legal team, customers, and partners on security assessments and audits.
- Coordinate and track all information technology and security related audits including scope of audits and business units involved, timelines, auditing agencies and outcomes. Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide a consistent perspective that continually puts the institution in its best light.
- Provide guidance, evaluation and advocacy on audit responses.
- Develop and maintain a common controls framework that drives evidence gathering, infosec policy, internal testing, and audit support.
- Bachelor’s degree or equivalent combination of education and experience.
- Industry certifications such as CISSP, CRISC, CISM, or CISA are strongly preferred or demonstrated experience in achieving accreditations.
- 5 - 7+ years of direct information security experience, with a primary focus in risk and compliance.
- Strong knowledge of information security risk management frameworks (PCI, SOC2, NIST, SOX, etc.) and compliance practices.
- Strong eye for detail and ability to successfully manage third party audits, gather evidence and coordinate audit response.
- Ability to develop security standards and guidelines based on best practices and industry standards
- Familiarity with GRC tools methodologies and best practices
- Experience in planning and executing multiple risk & Compliance projects.
- Ability to leverage strong verbal, written communication skills to collaborate with cross-functional teams.
- Strong analytical and problem-solving skills capable of managing projects that drive business objectives.
- A team player with strong collaboration skills and the ability to work with minimal supervision.
CAMP is committed to creating a diverse environment and is proud to be an affirmative action and equal opportunity employer. We understand the value of diversity and its impact on a high-performance culture. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, disability, age, sexual orientation, gender identity, national origin, veteran status, or genetic information.
CAMP is committed to providing access, equal opportunity, and reasonable accommodation for individuals with disabilities in employment, its services, programs, and activities. To request reasonable accommodation, please contact hr@campsystems.com.
All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, national origin, age, sexual orientation, gender identity, disability or veteran status EOE
