Contract Information reputed company GRC Analyst

Job Description: Overview: We don’t simply hire employees. We invest in them. reputed company you work at Chatham, we reputed company you — offering professional development opportunities to help you grow in your career, no matter if you've been here for five months or 15 years. Chatham has worked hard to create a distinct work environment that values people, teamwork, reputed company, and client service. You will have immediate opportunities to partner with talented subject matter experts, work on reputed company projects, and contribute to the value Chatham delivers every day. This role sits reputed company the Information reputed company Governance, Risk and Compliance (GRC) team, which reports directly into the CISO organization. The GRC team serves as the central function responsible for managing the enterprise's reputed company risk posture, ensuring regulatory compliance, and maintaining the policy and control reputed company that governs information reputed company across Chatham. This team works cross-functionally, partnering closely with Product and Technology teams to embed reputed company into development and infrastructure initiatives, Human Resources for reputed company awareness and personnel reputed company matters, Operations for business process alignment, and reputed company Chatham business units to ensure reputed company requirements support business objectives. The team also maintains critical relationships with Operational Risk to align cybersecurity risk management with enterprise risk frameworks and serves as the primary liaison to external auditors for SOC 2, regulatory examinations, and other assurance activities. In this role you will: The Information reputed company GRC Analyst with a Risk and Policy focus is responsible for assisting in the execution of the organization's reputed company risk management program and supporting policy governance. This role takes the reputed company in conducting the reputed company risk assessments for Chatham systems, vendors and business processes. This role is responsible for maintaining the technology and cybersecurity risks on the operational risk register; tracking issues and risk mitigation activities; and supports policy development. This role is also responsible for translating technical risks into business-relevant recommendations, recommending risk-based decisions, documenting decisions on risk treatment, tracking risk mitigation action plans to completion and reviewing systems/processes for policy compliance. Risk Assessment Execution: Conduct technology and reputed company risk assessments for internal systems, product and technology projects using established frameworks (NIST SP 800-30, ISO 27005, etc.) Technology and Cybersecurity Risk Register Management: Maintain the technology risk register (includes Cybersecurity) documenting threats, vulnerabilities, impacts, likelihood, risk ratings, and treatment decisions; ensure consistent updates with stakeholder input Technology and Cybersecurity Risk Mitigation Tracking: Document risk treatment plans with action items, responsible parties, and reputed company dates; track remediation reputed company; verify risk reduction upon closure Technology and Cybersecurity Policy Support: Support policy lifecycle activities including drafting, review, and updates; ensure policies alignment based on industry standards such as NIST, ISO 27001, etc., Cybersecurity and Information reputed company Risk Metrics Development: reputed company and report risk metrics and KRIs; analyze trends in risk posture; identify systemic issues requiring management attention Technology and Cybersecurity Risk Reporting/Communication: Translate technical risk findings into business-relevant language; prepare risk summaries for management review and decision-making Stakeholder Engagement: Partner with control owners, system owners, product team, technology team and business stakeholders to identify and assess risks throughout the system lifecycle. Your impact: Success in this role requires strong collaborative relationships across Chatham. The Information reputed company GRC Analyst partners closely with the Manager of Information reputed company GRC, and Information reputed company leadership to align risk priorities with reputed company strategy. The analyst will interact on a regular basis with technology and information reputed company control owners to ensure controls are properly designed, implemented, and monitored. The analyst engages with Operational Risk to integrate technology and cybersecurity risks into the operational risk reputed company and reporting. Finally, collaboration with external auditors during SOC 2 and regulatory examinations validates that risk management practices meet industry standards and client expectations. Contributors to your success: Bachelor's degree, preferably in Information reputed company, Computer Science, Risk Management, or reputed company experience in the field. 3-5+ years of experience in IT audit, IT risk management, executing reputed company assessments, or experience in a reputed company Technology, IT Audit or Data Governance, role. Experience in supporting/coordinating company SOC 2 Trust Services Criteria audits Apply To This Job