GRC Analyst

Job Description

The GRC Risk and Compliance Analyst is responsible to apply knowledge of risk management, information security/data privacy requirements and controls, and Openwave products & customer environments to manage security exception process, deliver accurate and timely risk assessments and inquiry/questionnaire responses to customers, auditors, and internal stakeholders. The position will play a lead role in strengthening the companys information security and contract compliance through timely and effective execution of risk management processes. How you will help: Specific Job Responsibilities 1. Support Iso27001 control implementation and assessment activities for Openwave. 2. Support on-site Iso27001 walkthroughs and audit activities as needed. 3. Execute security & privacy related risk assessments, including helping to identify, document, and implement controls, resolve identified issues, and manage related documentation using ticket system (such as Jira) and GRC platforms (such as 6clicks). 4. Coordinate with Openwave teams to develop & deliver responses to customer inquiries and questionnaires. Communicate effectively with customers and internal stakeholders independently as needed. 5. Provide best practice knowledge related to risk management & risk assessment as applied to specific Openwave products, technologies, and markets. Participate actively in continuous improvement of GRC processes, considering scalability, transparency, documentation, content/evidence reuse, and effective customer management. 6. Support customer and third-party audit activity of Openwave as required. 7. Assist with policy updates as required. Who we have in mind: Position Requirements 1. Bachelors degree in information technology, Information Security, Business or Risk Management (or equivalent professional qualification). 2. Minimum 3 years of experience a Risk Management role related to information security. 3. Working knowledge of information security regulations and standards required, including ISO/IEC 27001. 4. Prior experience in Corporate IT or Information Security roles is a real advantage. If no experience, then it would be important to demonstrate an interest in broadening your knowledge outside GRC and be prepared to help out in these areas when the need arises. 5. Proactive, structured and detail-oriented work style with strong communication skills required. Ability to work independently with minimal supervision. 6. Excellent oral and written English skills required.