Security Analyst, GRC

HireRight is the premier global background screening and workforce solutions provider. We bring clarity and confidence to vetting and hiring decisions through integrated, tailored solutions, driving a higher standard of accuracy in everything we do. Combining in-house talent, personalized services, and proprietary technology, we ensure the best candidate experience possible. PBSA accredited and based in Nashville, TN, we offer expertise from our regional centers across 200 countries and territories in The Americas, Europe, Asia, and the Middle East. Our commitment to get it right every time, everywhere, makes us the trusted partner of businesses and organizations worldwide

This role reports to the Senior Director, Governance Risk & Compliance and will primarily conduct cyber security audits and assessments that help ensure that the organization is compliant, and ready for, certification of its security program.  This is a position that requires strong communication and relationship building skills, as well as patience and attention to detail. 

• Prepare and conduct internal audits of the Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in accordance with ISO 27001 and ISO 27701 requirements to support readiness for external audits.
• Develop and maintain an annual audit plan covering planned operational, ISMS, and PIMS internal audits.
• Track, monitor, and follow up on remediation actions resulting from internal audits, including those from both prior and current audit cycles, to ensure timely and effective closure.
• Perform periodic fraud risk assessments to identify, evaluate, and document potential fraud risks and control gaps.
• Review, update, and maintain internal information security policies on an annual basis to ensure ongoing alignment with regulatory, ISO, and organizational requirements.
• Continually reviews and improves the assessment methodology, process, and procedures.
• Work closely with partners in technology or other departments to identify, prioritize and remediate security compliance issues. 
• Performs ad-hoc compliance requests or additional duties as assigned

• BS, BA in Information Technology, Computer Science or other related Business/Technology/Analytical studies  
• Security+, CISA, CIPP,  ISO 27001 or similar certification a plus 
• Prior experience with cyber security, privacy, governance, risk & compliance (GRC), internal audit or other similar function
• Knowledge of ISO27001, ISO27701, or SOC2 Type II preferred.
• Experience interpreting industry and regulatory requirements and authoring supporting controls. 
• Experience performing third party assurance assessments; AuditBoard, OneTrust or similar platform experience a plus 
• Excellent client relationship and customer service skills, with a clear client focus. Note: nearly all customer facing interactions will require English proficiency in writing and speaking. 
• Strong Project Management Skills
• High degree of independence and exceptional work ethic with a team player
• Familiarity with core IT and Information Security Technologies 
• Exceptional interpersonal, written and oral communication skills 

HireRight offers a competitive benefit package which includes:

• Medical
• Dental
• Vision
• Paid Life/AD&D Insurance
• Voluntary Life Insurance
• Short & Long Term Disability
• Flexible Spending Accounts
• 401K
• Generous Vacation and Sick Program
• 10 Paid Holidays
• Education Assistance Program
• Business Casual Attire
• Generous Referral Program
• Employee Discounts and Rewards
• And much more!
• All resumes are held in confidence. Only candidates whose profiles closely match requirements will be contacted during this search.
  
  
  

HireRight, LLC is an Equal Opportunity Employer

Minorities / Females / Veterans / Disabilities

HireRight does not accept unsolicited resumes through or from search firms or staffing agencies. All unsolicited resumes will be considered the property of HireRight and HireRight will not be obligated to pay a placement fee

This job description in no way states or implies that these are the only duties to be performed by a team member’s occupying this position. Team members may be required to perform other related duties as assigned, to ensure workload coverage. Team members are required to follow any other job-related instructions and to perform any other job-related duties requested by their supervisor. This job description does not constitute an employment agreement between the employer and team member and is subject to change by the employer as the organizational needs and requirements of the job change. This job description is subject to change at any time.