GRC Analyst

Hyderabad (Banjara Hills), Telangana, India

Nextracker

Nextracker provides intelligent solar tracker solutions for utility-scale and distributed generation projects to transform PV plant performance. Call now.


Job Description:

Responsibilities

  • Policy Governance: Establish, maintain, and enforce the organization’s information security strategy, policies, and standards.
  • Vendor Risk Management: Oversee and manage the organization’s Vendor Risk Management Program, ensuring third-party compliance with security requirements.
  • Cyber Risk Register: Maintain and manage the cyber risk register to document and track identified risks, mitigation efforts, and progress.
  • Customer Contract Reviews: Partner with Legal to review customer contracts for compliance with security requirements and organizational standards.
  • Customer Security Questionnaires: Respond to customer security questionnaires to address inquiries about the organization’s security posture.
  • Customer Trust Center: Maintain and update the Customer Trust Center to ensure transparency and confidence in the organization’s security practices.
  • Legal, Regulatory, and Compliance Tracking: Research, track, and ensure the organization remains compliant with relevant legal, regulatory, and compliance requirements.

Key skills

  • Responsible for identifying, evaluating, and reporting on information security risk to information assets
  • Acting as a subject-matter expert on relevant compliance and regulatory frameworks (e.g., HIPAA, ISO standards, PCI, SOC 2, GDPR, CCPA) and staying on top of industry best practices
  • Engaging in risk management and updating playbooks to align with current industry standards, regulatory changes, and best practices
  • Engaging in Disaster Recovery (DR) and Business Continuity Planning (BCP), and managing the testing of these plans
  • Conducting compliance audits to ensure adherence to cybersecurity standards and regulations
  • Monitoring compliance with regulations and standards, typically via key cybersecurity KPIs
  • Engaging in Third-Party Risk Management (TPRM) by analyzing and minimizing risks associated with outsourcing to third-party vendors or service providers
  • Assisting with documentation following incident response
  • Security awareness and training
  • Engaging in regulatory change management to make sure the company's policies and practices are adjusted following regulatory updates
  • Preparing detailed reports and documentation of compliance findings and security gaps
  • Developing and implementing controls to address cybersecurity and compliance needs across an organization
  • Implementing GRC programs grounded in data-driven decision-making, responsible operations, and improved cybersecurity
  • Experience with tools and software such as GRC platforms (e.g., RSA Archer, MetricStream), risk management tools (e.g., RiskWatch, LogicManager), and compliance management software (e.g., ComplyAdvantage)
  • Knowledge of GRC best practices in the cloud era, including the use of integrated GRC platforms to centralize management of risks, controls, and compliance activities across cloud environments; implementing robust access controls, encryption, and monitoring mechanisms to support data security and compliance with regulatory requirements
  • Operational knowledge of regular risk assessments to address cloud-related risks effectively; fostering collaboration between IT, security, compliance, and business teams to align cloud initiatives with organizational goals and GRC objectives; experience with continuous monitoring, training, and adaptation to evolving cloud technologies and regulatory landscapes

Educational Backgrounds

  • Bachelor's degree in Information Security, Business Administration, or a related field with 3 to 5 years of experience.
  • Certifications such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) are highly beneficial.

At Nextracker, we are leading in the energy transition, providing the most comprehensive portfolio of intelligent solar tracker and software solutions for solar power plants, as well as strategic services to capture the full value of solar power plants for our customers. Our talented worldwide teams are transforming PV plant performance every day with smart technology, data monitoring and analysis services.

For us at Nextracker, sustainability is not just a word. It's a core part of our business, values and our operations. Our sustainability efforts are based on five cornerstones: People, Community, Environment, Innovation, and Integrity. We are creative, collaborative and passionate problem-solvers from diverse backgrounds, driven by our shared mission to provide smart solar and software solutions for our customers and to mitigate climate change for future generations.

Culture is our Passion


Region: Asia/Pacific
Country: India
