GRC Analyst

Remote, United States, US

Direct Travel

As a leading travel management company, DT creates personalized solutions through an agile approach to corporate travel, meetings & events and leisure services.


Position Overview 

We are seeking a detail-oriented Governance, Risk and Compliance (GRC) Analyst to join our Security and Compliance team. The GRC Analyst will work collaboratively with our internal teams and external partners to manage security and compliance risk. Our preference for this role is candidates who have solid experience in technology, information security or compliance, and who have significantly contributed to SSAE18, SOC 2, Payment Card Industry (PCI) ROC and/or ISO 27001 audits. We're looking for team players who want to challenge themselves within a growing company, and who are as comfortable talking with senior management about information risk as they are with IT staff. So if you thrive in a dynamic environment, maybe you are the one we're looking for!


This position is a remote-eligible role reporting to the Senior Director of Governance, Risk & Compliance.

Responsibilities

  • Conducts audits of internal information security, compliance and privacy processes.
  • Ensures timely resolution to all audit and risk assessment findings or issues.
  • Manages OneTrust GRC reporting portal.
  • Appropriately communicates audit reports, gaps or recommendations to company management, and tracks any open concerns or questions to resolution.
  • Identifies potential technologies, processes or solutions that could improve the security posture of the company
  • Contributes to the development of security standards, access controls, and compliance requirements of applications, network infrastructure, servers and workstations.
  • Serves as subject matter expert regarding information security and compliance policy
  • Maintains awareness of current and emerging threat landscapes
  • Assists in reporting security & compliance metrics to management.  
  • Supports additional audit and governance functions as assigned
  • Earns the trust and respect of the Direct Travel team.
  • Grows into a role with increasing responsibility

Required Qualifications

  • Direct experience with achieving successful annual PCI compliance, SSAE18 SOC 2 attestations and/or ISO 27001 certifications
  • 1-3 years of experience leading information security audits, with a preference for ISO 27001 and SOC 2 audits or assessments
  • 1-3 years of experience as an IT, security or compliance analyst, with experience developing security strategy and policy.
  • Experience authoring policies and procedures
  • Solid knowledge of ISO 27001, NIST 800-53, NIST 800-171, NIST CSF
  • Experience with full Governance, Risk Management and Compliance Lifecycle
  • Personal integrity
  • Self-motivated, self-disciplined, and self-governed. You hold yourself to a higher standard than others.
  • Highly consultative and collaborative nature.
  • Excellent communications and presentation skills, with the ability to convey complex technology concepts to non-technology stakeholders.
  • The discipline to work effectively from a remote location.
  • Degree in computer science, information systems, information security, or a related discipline. Equivalent work experience will also be considered
  • Experience with Payment Card Industry (PCI) Compliance
  • Excellent analytical and stakeholder engagement skills
  • Strong organization and planning skills
  • Must successfully pass a background check
  • Must be able to lawfully work within the US and have unrestricted work authorization for the US
  • Ability to travel up to 15% if required

This is not necessarily an exhaustive list of responsibilities, skills, duties, requirements, or efforts associated with the position.

Preferred Qualifications

  • Experience with the myriad of regulatory compliance frameworks (e.g., HIPAA, GDPR, CCPA, PII, PCI-DSS, SOX).
  • Certifications (e.g., ISO 27001 Lead Implementer, CISA, CISM, CISSP, ISO 27001 Lead Auditor, MCSE, CEH, OSCP).
  • Familiarity with related standards (FISMA, HITRUST, CSF)
  • 1-3 years of experience with MSP or IaaS cloud-based solutions (O365, Azure)
  • Proven ability to manage projects across multiple functional areas in a complex and dynamic environment.  
  • Able to provide resourceful, creative solutions


Benefits Onboard

In addition to Medical, Dental, and Vision benefits, Direct Travel offers an employee rewards and recognition program, the Total Rewards Package, which includes Wellness, Sustainability, DE&I initiatives, and Mental Health Support.

Our Brand Voyage: About Direct Travel

Direct Travel is a leading provider of corporate travel management services. The company has been providing travel management for over 40 years, working with clients to develop highly customized travel programs. By leveraging both the expertise of its people and innovative solutions, Direct Travel enables clients to derive the greatest value from their travel program in terms of superior service, progressive technologies and significant cost savings. Direct Travel has offices in over 80 locations and is currently ranked 13th on Travel Weekly’s Power List. For more information, visit www.dt.com

Direct Travel is an EOE/AA/Veteran/People with Disabilities employer

If you're ready to chart a new course and advance your career with the valuable moments and travel experiences that await, we welcome you to submit your resume for consideration at Direct Travel.
