Senior GRC Business Analyst

Posted:
8/5/2024, 1:46:35 AM

Experience Level(s):
Senior

Field(s):
Business & Strategy

Workplace Type:
Remote

At NAVISITE - Part of Accenture, celebrating our employees and investing in their well-being and development is not just a priority or an initiative - it's woven directly into our company fabric. Our mantra and unofficial corporate hashtag #SoMuchGood is all about recognizing our team's commitment and achievements, both inside and outside the office. It's that theme that has driven a host of programs at Navisite - it's who we are. What we do is simple: We work hard, we have fun, we give back to the community and we never take our eye off the goal - creating a modern cloud MSP with a global, talented team of employees. Join us and be part of our team!!

GRC Business Analyst
 
JOB SUMMARY
Assist with management and governance of the corporate compliance programs through collaboration and cooperation with appropriate stakeholders (e.g., product management, engineering, operations, and other support functions). The individual will focus on facilitating the review, development, implementation, and documentation of policies, processes, programs, and practices, guiding toward continuous compliance with industry laws, regulations, and frameworks (e.g., SOC1, SOC2, HITRUST, ISO 9001, ISO 20000, ISO 22301, ISO 27001, etc.).
 
MAJOR DUTIES AND RESPONSIBILITIES 
Reports to the Director of Governance, Risk and Compliance (GRC) and assists with the day-to-day implementation and management of Navisite’s governance, risk, and compliance initiatives.
Participates in the review of procedures and controls to ensure compliance with applicable regulatory and legal requirements as well as good business practices. 
Reviews business processes for overall effectiveness, articulates risks, and assesses adequacy of mitigation protocols associated with the internal controls system.
Keeps well informed of, and analyzes, new and pending laws and regulations, providing technical support and guidance to affected business units.
Participates in data collection, validation and reporting as part of regular compliance activities.
Researches and assists in the development of steps needed to test and/or monitor compliance requirements with applicable policies and procedures, in conjunction with defined and pending laws and regulations.
Assists with fulfillment of security- and quality-related customer and vendor questionnaires and surveys as needed.
Interfaces and coordinates activities with external audit resources as necessary.
Provides regulatory knowledge in compliance framework, solutions and requirements that are currently or reasonably expected to be used as part of solutions and services provided by their assigned business unit. 
Ensures compliance with corporate security program, policies, standards, and guidelines.
Provides periodic compliance risk assessments, highlighting priority issues and suggested corrective actions.
Assists with various deliverables associated with change management and other process excellence initiatives.
Delivers appropriate IT GRC metrics, analytics, and scorecards/dashboards.
Assists with other responsibilities as necessary.
 
REQUIRED QUALIFICATIONS
Skills/Abilities and Knowledge 
Ability to read, write, speak and understand English.
Extreme attention to detail is a valued necessity.
Successful track record of working with technical internal customers both independently and concurrently to achieve business goals and meet requirements.
Ability to communicate compliance status and risks to the Director of GRC, in business terms, and to applicable stakeholders. 
Ability to articulate the value of security controls and their potential business impacts. 
Strong presentation, program management, and relationship management skills. 
Strong risk analysis, customer service, problem solving, and consulting skills.
Professional with ability to properly handle confidential information. 
Ability to prioritize and handle multiple tasks concurrently to meet deadlines. 
Ability to work within a matrix organization. 
Excellent written and verbal communication skills throughout every level of the organization.
Ability to work both independently and as part of a team to deliver quality results, in a timely fashion. 
Ability to adapt to a dynamic, rapidly growing and changing business. 
 
Education
Bachelor’s Degree (or higher) preferred (or equivalent experience) 
 
 
Related Work Experience
3+ years of risk and compliance related experience
3+ years of technology management related compliance experience
Experience participating in governance, risk, and compliance programs within complex organizational structures. 
History of documenting risk methodologies, maintaining risk registers, and initiating risk assessments for applicable environments.
Proven ability to identify, generate, and maintain metrics used to demonstrate relative risk and justify program growth expectations.
Knowledge of the latest information security standards, privacy laws, and regulations to ensure compliance both with internal security policies and external compliance requirements.
Experience using governance, risk, and compliance software is a plus.
NAVISITE - Part of Accenture, is an equal opportunity employer. We celebrate diversity and we are committed to creating an inclusive environment for all employees. Navisite does not discriminate in employment on the basis of race, color, religion, sex (including pregnancy and gender identity), national origin, political affiliation, sexual orientation, marital status, disability, genetic information, age, membership in an employee organization, parental status, military service, or other non-merit factor.

Internal Applicants – No sponsorship available / External Applicants – Sponsorship not guaranteed. Any potential sponsorship depends on a number of factors, including but not limited to the local candidate pool and can vary from year to year.

You must ensure compliance with data protection legislation under the DPA, EU GDPR, and any other applicable data protection legislation.