Governance, Risk, and Compliance (GRC) Analyst

  • Choate, Hall & Stewart LLP
  • Boston, MA
  • Apr 16, 2024
Full time • Information Security • Information Systems

Job Description

Choate is seeking a highly motivated and detail-oriented Governance, Risk, and Compliance (GRC) Analyst to join the Information Security team. The GRC Analyst will be responsible for supporting the development, implementation, and maintenance of the firm’s governance, risk management, and compliance program. The ideal candidate will have a strong understanding of regulatory requirements, risk management frameworks, and information security. They will have experience performing third-party risk assessments and will be familiar with the ISO 27001 certification.

Job Functions:

  • Assist with continued development and enhancements to the firm’s governance, risk management and compliance program.
  • Support the firm’s clients by responding to information security assessments.
  • Perform information security risk assessments on the firm’s third-party vendors and suppliers.
  • Collaborate with the Information Security Director and other stakeholders to improve security procedures, training, IT processes, and the security of existing systems.
  • Review and update the firm’s information security policies.
  • Track and schedule activities related to the ISO 27001 certification of the firm’s Information Security Management System.
  • Coordinate with other IT teams and other departments to perform risk assessments and track risk mitigation and remediation.
  • Communicate effectively with stakeholders at all levels of the organization.
  • Analyze and report on risk trends and metrics.
  • Analyze client and stakeholder requirements in support of Business Continuity planning efforts.
  • Support development of Business Continuity and Disaster Recovery plans and related documents in accordance with recognized standards and best practices.

Ideal Qualifications:

  • Bachelor’s degree or equivalent experience in Information Systems Security or related field.
  • 3+ years of relevant experience working in a related role.
  • Certifications in relevant areas.
  • Strong writing / documentation skills.
  • Highly organized.
  • Strong communication skills.
  • Self-starter with the ability to work independently, while having good judgment as to when consultation is required.
  • Ability to work on multiple projects and perform well under deadlines.
  • Enthusiastic, flexible, willing to pitch in where needed.
  • Strong drive to learn and grow in the cyber security field.

Physical Requirements:

  • Must have minimal physical mobility. Position may occasionally require standing, walking, reaching, and lifting up to 15 pounds.
  • Must have the ability to operate equipment such as a computer and copy machine.
  • Must have the ability to communicate clearly and to read and follow detailed instructions.
  • Must have the ability to prepare assorted documents and other related materials.
  • Must have the ability to work in stressful conditions under time deadlines.
