Governance Risk & Compliance Analyst (ISO 27001)

 Requisition #: 19465
Functional Area: Audit/Risk/Compliance; Data Analytics; Software Development
Employment Type: Full-Time
Work Options: Remote / Work from Home in the US #LI-Remote
Work Hours: Standard Business Hours; 8:00am - 4:30pm CST

Position Summary

• Join one of J. J. Keller's fastest growing business units as we protect people and the businesses they run! This NEWLY created exciting position will support the implementation and maintenance of governance, risk and compliance processes that will protect client data and system integrity for our Managed Services team.  
• This position is part of the Managed Services Technology team but also works closely with our corporate Risk & Compliance team, IT team, and other technology-based teams across the company. 
• This role can work 100% remote in the US, on-site at our Corporate Campus in Neenah, WI or hybrid. Our organization is over 80% remote, so you can join and work remote and be part of a remote-first team. 

Job Responsibilities

• Works with business unit leaders to develop and maintain ISO and SOC controls and related artifacts. Continuously improves the framework, methodology, standards, and system of internal controls.
• Conducts internal audits of controls to assess compliance with data security and privacy policies, procedures, standards, and/or regulations. 
• Develops and performs tests to evaluate the design and effectiveness of key controls necessary for compliance.
• Reviews test findings, identifies control weaknesses, presents results, and recommends remediation actions.
• Supports issue management, risk acceptances, and corrective action plans.
• Supports corporate audits (internal and external) by fulfilling requests for documentation and participating in audit meetings. Reports on findings, tracks status, and ensures corrective actions are complete and sustainable.
• Assists with preparing and maintaining Business Impact Analysis documents for the business unit. Supports risk identification & assessment, response & mitigation, control monitoring & reporting.
• Coordinates disaster recovery testing for the business unit. Participates in corporate disaster recovery and business continuity assessments/activities.
• Performs security and compliance assessments on new and existing systems, processes, and technology.
• Assists with the preparation of data security questionnaires from customers.
• Monitors system maintenance, upgrades, and end-of-life timelines. Coordinates appropriate activities to remove expired systems from documentation and servers.
• Supports vendor audit/maintenance process and helps lead and define overall third-party risk management efforts.
   

Qualifications

Experience:

• 3+ years’ analyst experience in risk management or information …