GRC Analyst - SOX compliance / RSA Archer / OneTrust / UpGuard

at Latitude

Sydney NSW 2000, New South Wales, Australia

Start Date: Immediate
Expiry Date: 08 Jul, 2024
Salary: Not Specified
Posted On: 08 Apr, 2024
Experience: N/A
Skills: ACSC, NIST, Information Security, Business Units, Risk Frameworks, Audit Reports, SIEM, Ownership, Risk, Firewalls, Antivirus, Security Tools, Scanners, Cyber, CISA, Encryption
Telecommute: No
Sponsor Visa: No

Description:

  • GRC Analyst opportunity focused on SOX compliance frameworks
  • Work with a leading company that is expanding its presence nationally
  • Flexible hybrid working conditions on offer

We have a rewarding new permanent opportunity available for a Governance, Risk, and Compliance Analyst (GRC & SOX Analyst) to join a supportive and growing technology team based in Sydney, New South Wales.

This is a mid-senior level position with hybrid working conditions on offer, ideally with 3 days a week onsite, collaborating with an internal team of passionate technology enthusiasts. The new hire will report directly to the Technology Operations Manager.

Responsibilities:

IN THIS ROLE, YOU’LL BE RESPONSIBLE FOR DAY-TO-DAY RESPONSIBILITIES, INCLUDING:

  • Overseeing and managing the risks associated with third-party vendors and suppliers.
  • Updating and maintaining policy documentation across all Business Units.
  • Participate in and support the implementation of SOX compliance and frameworks.
  • Support the Corporate IT Operations function to manage risk and compliance processes, establish and enhance compliance frameworks and support policy frameworks to adhere to regulatory requirements.
  • Leading the third-party vendor management program to identify and manage risks posed by third parties that the company works with.
  • Maintaining and updating risk registers.
  • Developing Enterprise risk dashboards and working on threat and risk assessments.
  • Reporting key risks to Executive management.
  • Promoting risk ownership across the organisation and business units.
  • Collaborating with cross-functional teams to facilitate enterprise risk management, identify and analyse risks, develop risk mitigation strategies.
  • Work with the internal GRC tools & platforms to continuously improve processes and implement and manage governance frameworks.
  • Conducting information security audits, assessments, and reviews to ensure compliance with internal policies, standards, and external industry regulations.
  • Developing and managing the cyber security awareness training program and identifying areas for improvement.
  • Ensuring 100% compliance with safety regulations and promptly reporting potential breaches for corrective action.

SKILLS & EXPERIENCE REQUIRED TO ENHANCE YOUR SUCCESS IN THIS ROLE INCLUDE:

  • Hands-on experience in the field of Governance, Risk and Compliance, across Information and Cyber Security disciplines.
  • Commercial experience working in Governance, Risk, and Compliance, with a primary focus on governance & compliance.
  • Possess experience and exposure to SOX compliance and frameworks.
  • Possesses a genuine interest and passion for Cyber and Information Security.
  • Self-motivated and capable of taking ownership of this function, as this will be a lean technology team that you’ll be joining which requires a good sense of ownership and autonomy.
  • Ability to provide guidance and add value to the company’s other business units by presenting scenarios and influencing team members.
  • Familiarity with key risk frameworks such as NIST, ACSC, ISO27001, PCI, ASD Essential Eight, SOCI etc.
  • Understanding of the role of key audit reports, such as PCI and ISO27001.
  • Previous experience working as a GRC Analyst or GRC Business Analyst with a compliance focus.
  • Sound knowledge of information security tools and technologies, such as firewalls, antivirus, encryption, SIEM, vulnerability scanners, etc.
  • Industry qualifications will be considered an additional advantage for your application (e.g., CISSP, CISM, CISA, ISO 27001 Auditor/Implementer, IRAP).

If this role aligns with your career aspirations, please apply now for immediate consideration, as we are seeking to position a start date for this new position in mid-February 2024.

Please note that to be considered for this role, you must be located in Australia and possess full work rights.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Financial Services

Accounts / Finance / Tax / CS / Audit

Finance

Graduate

Proficient

1

Sydney NSW 2000, Australia