Participate in A-LIGN’s management system as it relates to information security standards (including, but not limited to, SOC 2, ISO 27001, NIST 800-53, NIST 800-171).
Manage the annual audit calendar.
Coordinate annual audit activities with both external and internal stakeholders.
Participate in internal and external audit activities.
Review and track identified non-conformities and opportunities for improvement resulting from audits.
Prepare regular compliance reports.
Review, update, and manage documentation in line with information security standards and corporate objectives.
Complete third-party questionnaires from clients.
Support the vendor management process.
Participate in business continuity and disaster recovery planning and test execution.
Requirements
Bachelor’s degree in Management Information Systems, Information Security, Cybersecurity, Business, or a related field, or an equivalent combination of education and experience
At least 1 year of IT security, governance, risk, or compliance-related experience
Knowledge of security and risk frameworks
Preferred: Knowledge of SOC 2, ISO 27001, NIST 800-53, NIST 800-171
Preferred: Knowledge of GRC tools (OneTrust, RSA Archer, Oracle, etc.)
Preferred: CISA, CISM, Security+, CCSK, ISO Lead Auditor
Ability to meet deadlines with a high degree of motivation
Excellent critical thinking and problem-solving skills
Strong communication and organizational skills
Thrives in a fast-paced environment
Ability to work individually as well as collaboratively