Description
As a leading financial services and healthcare technology company based on revenue, SS&C is headquartered in Windsor, Connecticut, and has 27,000+ employees in 35 countries. Some 20,000 financial services and healthcare organizations, from the world's largest companies to small and mid-market firms, rely on SS&C for expertise, scale, and technology.
Job Description
GRC Analyst is responsible for supporting Information Security Management System processes and support SS&C's ISO 27001 and SOC-2 certifications. With minimum 3 years' experience in GRC domain. Further, this role supports:
ISMS Program
- Contribute to document IS Policies and SOPs
- Maintain CAPA (Corrective and Preventive Actions) process to remediate Audit findings
- Generate reports to provide status of CAPA items
- Manage Client Audit CAPA
- Able to develop and implement IS metrics
Respond to Security Questionnaires, RFI and RFP Tracking and managing remediation plans for Internal and Client audits Maintain GRC tools like Archer and ServiceNow Co-ordination of Client Audits and Client PenTest audits Be able to conduct Info Sec Risk Assessment
Responsibilities and Activities
Assist in the development and implementation of the ISMS program
Contribute to implementation of ISO Program Perform ISMS Internal Audits as required Follow up with Auditee to implement identified CAP and demonstrate improvement in Security processes. Effectively communicate and promote the objectives and processes involved in the ISMS framework. Develop Information Security Audit related Metrics and Dashboards Effectively interact with multiple stakeholders Participate in Client Audits Apply various quantitative and /or qualitative assessment methods to objectively evaluate achieved results Assist in facilitating creation, maintenance and tracking of ISMS standards and coordinating ongoing awareness, communication across the organization.
Required Knowledge & Skills
Comprehensive knowledge of ISMS (ISO 27001) standards and policies; Good documentation Skills Good written and effective Communication skills Knowledge of Information Security Risk Management, risk mitigation, RTP Demonstrated ability to work effectively with teams to meet critical deadlines; Ability to effectively lead diverse and distributed teams in a collaborative manner; Analytical and interpretive skills; Ability to coach and mentor in situations where experience or expertise can be transferred to others; Ability to accept responsibility and accountability, and demonstrate a good sense of judgment; Comprehensive experience in GRC tool like Archer or ServiceNow; Organizational and time management skills; Project Management skills Skills in preparing documentation, and delivering professional presentations; Proficiency with standard business software tools required to carry out the range of roles (such as Microsoft Office, JIRA, Visio, and Project);
Educational Qualifications
A Bachelor's degree in Computer Science or Technical related degree; Minimum of five years progressively responsible and diversified experience in a complex and multi-disciplined organization, in the areas of Information Security and project management practices and processes; Certification in ISMS (ISO 27001) is desired ISACA Certification like CISA is desired.
Unless explicitly requested or approached by SS&C Technologies, Inc. or any of its affiliated companies, the company will not accept unsolicited resumes from headhunters, recruitment agencies, or fee-based recruitment services.
SS&C Technologies is an Equal Employment Opportunity employer and does not discriminate against any applicant for employment or employee on the basis of race, color, religious creed, gender, age, marital status, sexual orientation, national origin, disability, veteran status or any other classification protected by applicable discrimination laws.
Apply on company website
Find Connections via Linkedin
