Sr. Governance, Risk & Compliance Analyst

Charlestown, MA, US

CareQuest Institute for Oral Health

Reporting to the Director, Governance, Risk, and Compliance, the Senior Governance, Risk, and Compliance (GRC) Analyst will be responsible for supporting and managing GRC initiatives within our organization. This role requires a deep understanding of regulatory requirements, risk management frameworks, and compliance best practices. The Senior GRC Analyst will work closely with various departments to ensure that our policies and procedures are in line with industry standards and regulatory requirements. The successful candidate will have a proven track record of supporting and maintaining GRC programs, supporting risk assessments, and providing strategic recommendations to mitigate risks. This role also involves continuous monitoring and reporting on the effectiveness of our GRC initiatives, as well as staying up to date with the latest industry trends and regulatory changes. The Senior GRC Analyst will play a critical role in fostering a culture of compliance and risk awareness across the organization. 

PRIMARY JOB RESPONSIBILITIES:

Governance and Corporate Compliance

  • Develop and maintain policies and procedures to ensure compliance with regulatory requirements.
  • Monitor and report on the effectiveness of GRC initiatives.
  • Stay up to date with industry trends and regulatory changes.
  • Conduct information security, privacy, and compliance incident investigations and root cause analysis.
  • Foster a culture of compliance and risk awareness.
  • Conduct training and awareness programs on GRC topics.
  • Ensure data privacy and protection compliance.
  • Assist with preparing GRC reports to the board of directors.
  • Support internal audits and compliance reviews.
  • Implement and manage GRC tools and software.

Risk Management

  • Maintain a risk register.
  • Collaborate with various departments to identify and mitigate risks.
  • Provide strategic risk mitigation recommendations to senior management.
  • Perform vendor risk assessments, including risk areas of information security, privacy, artificial intelligence (AI), and environmental, social, and governance (ESG).
  • Support third-party risk assessments and audits.
  • Perform project management.

Cybersecurity

  • Ensure compliance with cybersecurity standards.
  • Perform periodic monitoring and audit of cybersecurity systems and processes, such as identity and access management.

JOB QUALIFICATIONS:

Required: 

  • Bachelor's degree in a related field.
  • Minimum of 5 years of experience in GRC or a related role.
  • Strong understanding of regulatory requirements and risk management frameworks.
  • Proven track record of maintaining GRC programs.
  • Excellent analytical and problem-solving skills.
  • Strong communication and interpersonal skills.
  • Ability to work independently and as part of a team.
  • Detail-oriented with strong organizational skills.
  • Knowledge of data privacy and protection regulations.
  • Ability to manage multiple projects simultaneously.
  • Strong presentation and reporting skills.
  • Experience conducting risk assessments and audits.
  • Ability to develop and deliver training programs.
  • Knowledge of cybersecurity standards and best practices.
  • Experience with business continuity and disaster recovery planning.
  • Ability to work with cross-functional teams.
  • Strong project management skills.
  • Proactive and self-motivated.

Preferred:

  • Experience with GRC tools and software, such as Onspring.
  • Certifications such as CISA, CRISC, CISSP, CHC, CIPP, PMP, or CAPM are a plus.
  • PowerPoint and Excel capabilities.

The specific statements shown in each section of this description are not intended to be all-inclusive. They represent typical elements and criteria necessary to successfully perform this position.

** In accordance with CareQuest Institute for Oral Health’s Compliance Plan, all employees must conduct CareQuest Institute for Oral Health business and activities in accordance with applicable laws, regulations, professional standards and ethical standards and report potential compliance or ethical issues to CareQuest Institute for Oral Health’s designated Compliance Officer. **

CareQuest Institute for Oral Health’s Affirmative Action Program affirms our commitment to make reasonable accommodation for known physical or mental limitations of otherwise-qualified individuals with disabilities or special disabled veterans, unless the accommodation would impose an undue hardship on the operation of our business and activities. Please see Human Resources for additional information regarding this program.

Tags: Artificial Intelligence Audits CIPP CISA CISSP Compliance CRISC Governance IAM Monitoring Privacy Risk assessment Risk management

Regions: Asia/Pacific North America
Country: United States