GRC Analyst

  • Full Time
  • Colombo

Connex Information Technologies

Job description

Connex Information Technologies is a leading distributor and provider of technology services and solutions, helping organizations navigate complex, growing landscapes. We are seeking a dedicated and detail-oriented GRC (Governance, Risk, and Compliance) Analyst with mid-level experience to join our team and help enhance our security posture.

Key Responsibilities:
• Assist in the development, implementation, and maintenance of GRC frameworks, policies, and procedures.
• Conduct risk assessments to identify, evaluate, and mitigate risks related to IT systems, security, and compliance.
• Support audits and assessments, ensuring compliance with industry standards such as ISO 27001, ISO 27701, GDPR, and other relevant regulations.
• Collaborate with internal teams to develop and enforce security controls, working closely with IT and security departments.
• Monitor compliance with internal policies and external regulatory requirements, identifying any potential gaps or areas for improvement.
• Assist in developing mitigation plans and follow up on risk remediation efforts.
• Maintain accurate and up-to-date documentation related to risk management and compliance activities.
• Participate in security incident management and response, ensuring that all incidents are properly logged and investigated.
• Stay updated on evolving regulations, compliance trends, and cybersecurity threats to provide informed recommendations for continuous improvement.

Required Skills and Qualifications:
• 3-5 years of experience in a GRC role or similar, with a focus on information security and compliance.
• Strong understanding of frameworks such as ISO 27001, ISO 27701, NIST, and other relevant standards.
• Experience conducting risk assessments, internal audits, and compliance reviews.
• Familiarity with data protection laws such as GDPR and experience ensuring regulatory compliance.
• Solid understanding of security controls and risk mitigation strategies.
• Strong analytical, organizational, and communication skills.
• Ability to work independently and as part of a cross-functional team.
• Professional certifications such as CISA, CRISC, ISO 27001 Lead Implementer/Auditor, or equivalent are a plus.
• Bachelor’s degree in Information Security, IT, Business Administration, or related field.

What We Offer:
• Competitive salary and benefits package.
• Opportunity for growth and professional development in a rapidly evolving industry.
• Dynamic and inclusive work environment where your ideas are valued.
• Exposure to cutting-edge technologies and high-impact projects.

To apply for this job, email your details to cv@ezjobs.online
