Senior GRC Analyst

Skillable is a 100% remote and virtual tech company that’s modernizing the world of training. Come share your professional magic with highly talented, drive and fun colleagues who believe in the power of “skilling.” Experience what a true team focused on doing the right thing feels like! 

Our people and talent are what make us great and fun! We work together to create amazing solutions and experiences for our customers and their clients. We utilize our employees’ personal strengths to help our company grow and ensure our team is living their best, authentic life. We don’t just share our appreciation for our team members once a year with a branded mug—it’s shared on a daily basis. Our remote work environment blends the demands of work and life without the added pressure of commuting or feeling guilty about leaving early to visit the dentist. 

Come work with us and learn what teamwork and integrity blended with an emphasis on well-being and balance can do for your career! 

The Senior Governance, Risk and Compliance (GRC) Analyst is responsible for developing and upholding security policies, standards, and procedures that adhere to industry best practices and regulatory mandates. They will spearhead the application and enforcement of security governance frameworks. They will design and manage the implementation of automation processes to enhance trust, assurance, compliance and regulatory efforts. They will provide mentorship to team members, fostering a culture of continuous learning and growth within the security domain. 

Responsibilities

• Oversee the implementation and enforcement of security governance frameworks (e.g., ISO 27001, NIST CSF, COBIT). 
• Collaborate with senior leadership to define security objectives and ensure alignment with organizational goals. 
• Design and lead implementation of automation for trust, assurance, compliance, and regulatory activities. 
• Identify, assess, and prioritize security risks across the organization. 
• Develop and maintain a customer-facing trust center to transparently and accurately communicate the organization's audits, security practices, certifications, and compliance efforts. 
• Act as a point of contact for customers seeking additional information about the organization’s security and compliance programs. 
• Respond to customer inquiries and requests for additional documentation in a timely and professional manner. 
• Act as a liaison between technical teams, business units, and external stakeholders to address security, compliance, risk and accessibility needs. 
• Develop risk mitigation strategies and manage the security risk register. 
• Conduct regular risk assessments and security audits to evaluate and address vulnerabilities. 
• Develop relationships with internal risk owners to ensure …