GRC Analyst, Information Security

The information security GRC analyst, reporting to the Director Information Security GRC, will support the implementation and maintenance of the organization’s Governance, Risk, and Compliance (GRC) program, with a strong focus on third party security compliance, security governance, and internal controls. This role will contribute to maintaining a formally structured, risk‑based security framework aligned with industry standards such as ISO 27001 and ISO 22301. The position requires a minimum of three years of information security experience in a similar position and excellent communication skills.

Essential Functions:

• Oversee the cybersecurity compliance program for third parties, including:
  • Managing requests from clients, prospects, auditors, cyber‑insurers, or others related to our security program, to ensure a timely and accurate response to security questionnaires and associated requests.