IT-GRC Analyst

Primary Roles & Responsibilities:

• Understand Blackbox Internal Business services and review proposed customer contracts for compliance, risks privacy, security and regulatory issues
• Coordinate external & Internal audits of the Blackbox IT environment and collate evidence submitted by technical team
• God understanding of security concepts, drivers of risk and mitigation control, BCP, DR, Risk Management 3rd party vendor Audits and Management, policies and procedure writing and evaluations, IT – general and application controls 
• Develop and maintain both continuous and spot check, autonomous and manual audit processes
• Educate users on IT controls processes and play an advisory role internally.
• Perform end – to end contracts evaluation for risk, compliance, and security evaluations and expectations. 
• Report on compliance results & metrics to executive teams
• Provide continual improvement objectives to better align to external requests
• Build a strong knowledge and understanding of systems and processes
• Assist in development of data governance processes and RACI
• Review and update internal corporate Policies based on Industry best practices and Regulatory requirements
• Understand and document Data workflows and lifecycles 
• Establish Processes to improve the life cycle Management of Contracts
• Possess experience or good knowledge on IT controls mapping as per global standards.
   

Knowledge, Skills, Abilities:

• Strong familiarity with risk, compliance, and audit frameworks and the various ways they are applied in IT environments
• Understanding of Global data privacy and security regulations – like GDPR, CCPA etc. both at global and US state levels for data privacy laws and requirements.
• Ability to scope, assess, and revise contracts and suggest edits based on business drivers and compliance needs.
• Ability to find root causes of control failures and mitigate risks accordingly 
• Ability to create and maintain policies, procedures and guidelines for the Company and maintain its lifecycle in SharePoint
• Ability to educate the company employees and respond to policy related queries.
• Ability to implement controls in a diverse technical and geographically distributed environment to mitigate risk
• Ability to convince a highly varied audience to follow prescribed controls
• Comfort with presenting progress reports and results to senior leadership
• Understanding of process design and compliance terminology
• Ability to write and speak clearly, consistently, and concisely 
• Ability to Multitask responses to multiple Contracts and meet given deadlines
• Ability to be self-driven, Motivated with end-to-end ownership on contracts management 
• Excellent Audit Life Cycle Management skills, Expert use of Excel sheet, Word document management, PPT, ability to track documents versions, evidence etc. 
• Excellent written and verbal communication skills and English language command.

Education/Experience Requirements:

• BA business or information technology or equivalent experience.
• Minimum 5 years or more of prior experience in IT-GRC domain like IT risk, auditing, Contracts evaluation, Data privacy, compliance evaluation etc. strongly preferred.
• Knowledge of working with US & Global regulations and compliance requirements like HIPAA, PCIDSS, GDPR and US state level laws like CCPA etc. 

Frameworks / Industry Standard & Regulations 

• Data Privacy Laws like GDPR, CCPA, 
• PCIDSS, SOC2, HIPAA 
• Security and Assurance standards like NIST 800-53 controls, NIST CSF, CIS controls, ISO 27001 standards 

Certifications Desired / Preferred 

• CISA and/or CRISC and/or CGEIT
• ISO 27001 L.A or CISM or CISSP – Desirable.