- Implement and maintain an enterprise information security GRC tool, mapping controls to an established framework
- Develop management and executive reporting that accurately and fully shows risk and compliance status
- Analyze compliance gaps and associated risks and provide regular updates to Information Security leadership
- Assist in the development of corporate Information Security Policies and Procedures
- Assist in completion of internal and external audits by producing evidence from GRC tool
- Identify and report upon potential audit compliance risks in advance of all audits
Candidate must have experience with at least one GRC platform.
Preferred GRC tools: HITRUST MyCSF, Compliance 360, or RSA Archer.
Certifications such as the following are a plus, but skill level carries more weight.
- GRCP (Governance, Risk and Compliance Professional)
- CGEIT (Certified in the Governance of Enterprise IT)
- PMI-RMP (Project Management Institute – Risk Management Professional)
- CRISC (Certified in Risk and Information Systems Control)