IT Compliance (GRC) Analyst

---

Job description

Mando Technologies is specializes in helping organizations make the most of their information assets. From acquiring, organizing, analyzing, and delivering data to closing the loop by integrating intelligence into the operations of the enterprise, Mando Technologies covers the full spectrum of Business Intelligence.

We are seeking an IT Compliance (GRC) Analyst to lead internal, vendor-managed, and cloud-hosted application access reviews to ensure access appropriateness. The Compliance Analyst will report to the Sr. Information Security Manager (Governance, Risk, and Compliance) to lead and support compliance program initiatives focusing on ensuring ongoing compliance for the organization. This position requires strong compliance experience, strong technical expertise (including technology and data security), proactive problem-solving skills, and the ability to work in a fast-paced environment to ensure our systems and data meet internal and external regulatory requirements.

Required Experience:

5+ years of proven experience in security compliance and assessments.

Experience and proficiency in Security Compliance and Regulatory Concepts, exemplified by a comprehensive understanding of relevant laws, regulations, and industry standards.

Experience applying in-depth understanding of governance, risk and compliance (GRC) in the realm of information security principles and best practices.

Experience and proficiency in conducting user access reviews and implementing and delivering effective mitigation strategies to ensure the safety and security of systems and operations.

Experience and knowledge of regulatory frameworks such as GDPR, HIPAA, PCI DSS, or ISO 27001.

Experience applying meticulous attention to detail to ensure accurate and thorough analysis of security controls and compliance measures.

Experience demonstrating extensive knowledge of best practices and industry standards such as NIST SP 800-53, and the Center for Information Security (CIS) Benchmarks.

Required Skills:

Detail-oriented approach, especially in addressing audit findings, and implementing compensating control where appropriate.

Excellent problem-solving and troubleshooting skills.

Effective communication skills for technical and non-technical audiences.

Adaptability to new technologies and changing security landscapes.

Collaborative working with teams and cross-functional departments.

Commitment to continuous learning in disaster recovery concepts.

Preferred Education and Certification:

Master's degree in Cybersecurity, Information Technology, or a related field.

Advanced certifications like Certified Information System Security Specialist (CISSP), Certified Information Security Auditor (CISA), or Certified Information Security Manager (CISM).

<!– job description page –>