Cybersecurity Governance, Risk and Compliance (GRC) Analyst, Global

Vantage is committed to being a workplace of inclusion, equity, respect and acceptance. We celebrate diversity and intentionally seek out opportunities to learn from one another’s experience.

Vantage Data Centers powers, cools, protects and connects the technology of the world’s well-known hyperscalers, cloud providers and large enterprises. Developing and operating across North America, EMEA and Asia Pacific, Vantage has evolved data center design in innovative ways to deliver dramatic gains in reliability, efficiency and sustainability in flexible environments that can scale as quickly as the market demands.

Position Overview

This role is U.S Remote.

The GRC (Governance, Risk, and Compliance) Analyst plays a critical role in supporting the organization’s information security management system (ISMS) and cybersecurity initiatives. This position is responsible for leading the ISMS risk register, providing oversight on cyber risks and controls, and ensuring that the company’s security environment is maintained and aligned with relevant standards! The GRC Analyst will engage in ongoing training and professional development to stay ahead of the latest security trends and technologies, while also supporting internal and external audits, conducting security investigations, and handling GRC programs and projects!

Essential Job Functions

Risk Management & ISMS Support:

• Lead the ISMS risk register, ensuring that risks are identified, assessed, and mitigated effectively.

• Provide oversight on cyber risks and the implementation of appropriate controls.

• Support the ISMS program by ensuring compliance with relevant standards and conducting periodic gap assessments.

Cybersecurity Oversight:

• Manage, support, and maintain Vantage’s security environment.

• Act as a contact for end users and individuals reporting cybersecurity issues, questions, or concerns.

• Support AI Initiatives and governance.

GRC Program & Project Management:

• Manage GRC programs and projects as assigned, ensuring that objectives are met and risks are mitigated.

• Maintain and run policies, procedures, standards, and the Confluence site for all documentation, ensuring accuracy and conducting annual reviews.

Audit Support & Compliance:

• Support internal and external audits by providing vital documentation and responding to audit inquiries.

• Perform periodic gap assessments to validate compliance on an ongoing basis.

Incident Response & Triage:

• Support triage and investigation of security alerts to identify potential threats and take appropriate action

• Participate and support the Business Impact Analysis (BIA) and Crisis Management Framework (CMF) Documentation

Documentation & Communication:

• Create documentation and presentations for leadership and partners on relevant topics and issues.

• Contribute to the development and refinement of SOC (Security Operations Center) policies, procedures, and best practices.

Professional Development:

• Engage in ongoing training and professional development to stay ahead of the latest cybersecurity threats, vulnerabilities, trends and technologies.

Additional Duties:

• Handle additional duties as assigned by Management.

Job Requirements

Education:

• Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field or equivalent years of experience.

• CISA, CISM, ISO 27001 Lead implementer, 27001 lead auditor certifications preferred but not required.

Experience:

• Minimum three (3) years of experience in governance, risk and compliance

• Demonstrated experience in enterprise risk management with solid understanding of cyber threats, vulnerabilities, probability, and impact.

• Experience with IT GRC platforms.

• Experience with IT governance, risk, and compliance management in a complex global environment.

• Experience with scripting and automation (e.g., Python, PowerShell), preferred.

Skills:

• Ability to excel in a fast paced and constantly evolving environment.

• Familiarity with regulatory requirements and frameworks (e.g., GDPR, COBIT, NIST).

• Understanding of cloud security principles and technologies (e.g., AWS, Azure, Google Cloud)

• Familiarity with ISMS and security frameworks, particularly ISO 27001/27002 and NIST RMF.

• Strong understanding of fundamental information security concepts and technology.

• Proficiency in written and oral communications across multiple stakeholder groups ranging from junior staff to senior leaders.

• Strong background in process development, documentation, and continuous improvement.

• Experience developing Standard Operating Procedures (SOPs), job aids, and hands-on training materials.

• Preferred Tooling Experience:

• Elastic SIEM

• Swimlane/Turbine

• Azure M365 including Defender, Purview and Intune

• Confluence

• SharePoint

• Travel required is expected to be up to 15% but may increase over time as the business evolves.

Physical Demands and Special Requirements

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

While performing the duties of this job, the employee is occasionally required to stand; walk; sit; use hands to handle, or feel objects; reach with hands and arms; climb stairs; balance; stoop or kneel; talk and hear. The employee must occasionally lift and/or move up to 25 pounds.

Additional Details

• Salary Range: $90 Base + Bonus (this range is based on Colorado market data and may vary in other locations)

• This position is eligible for company benefits including but not limited to medical, dental, and vision coverage, life and AD&D, short and long-term disability coverage, paid time off, employee assistance, participation in a 401k program that includes company match, and many other additional voluntary benefits.

• Compensation for the role will depend on a number of factors, including your qualifications, skills, competencies, and experience and may fall outside of the range shown.

We operate with No Ego and No Arrogance. We work to build each other up and support one another, appreciating each other’s strengths and respecting each other’s weaknesses. We find joy in our work and each other, actively seeking opportunities to inject fun into what we do. Our hard and efficient work is rewarded with an above market total compensation package. We offer a comprehensive suite of health and welfare, retirement, and paid leave benefits exceeding local expectations.

Throughout the year, the advantage of being part of the Vantage team is evident with an array of benefits, recognition, training and development, and the knowledge that your contribution adds value to the company and our community.

Don't meet all the requirements? Please still apply if you think you are the right person for the position. We are always keen to speak to people who connect with our mission and values.

Vantage Data Centers is an Equal Opportunity Employer

Vantage Data Centers does not accept unsolicited resumes from search firm agencies. Fees will not be paid in the event a candidate submitted by a recruiter without an agreement in place is hired; such resumes will be deemed the sole property of Vantage Data Centers.