Bswift is seeking a skilled and experienced GRC (Governance, Risk, and Compliance) Analyst to join our team. The ideal candidate will have a strong background in enterprise risk management, third-party risk management, cybersecurity metrics and KPIs, business continuity / disaster recovery, and SOC2 compliance controls. As a GRC Analyst, you will play a crucial role in ensuring the organization's adherence to regulatory requirements, identifying and mitigating risks, and maintaining an effective and compliant GRC framework.

In the first six months, you will:

Conduct Enterprise Risk Assessments to identify and evaluate key operational, financial, and Technology risks, ensuring alignment with industry best practices and regulatory standards.

Contribute to the development of the Third-Party Risk Management program and collaborate with cross-functional teams to assess third-party vendors and perform due diligence to manage third-party risks effectively.

Contribute to the development of information security metrics and KPI’s. Monitor and analyze information security metrics and KPIs to assess the effectiveness of security controls, identify trends, and make recommendations for improvement.

Assist in the development and implementation of business continuity and disaster recovery plans, ensuring the organization's ability to respond to and recover from potential disruptions.

Conduct audits and assessments to evaluate compliance with relevant regulations, industry standards, and internal policies, including SOC compliance.

Prepare comprehensive reports and presentations that effectively communicate risk assessment findings, compliance gaps, and recommended remediation actions to stakeholders and senior management.

Collaborate with internal teams to develop and enhance policies, procedures, and controls to mitigate identified risks and ensure ongoing compliance.

Stay up to date with industry trends, emerging risks, and regulatory changes to proactively identify potential impacts on the organization's GRC program.

Develop and maintain an understanding of the organization's business processes, systems, and technologies to identify potential risks and compliance gaps.

Support the development and implementation of training programs and awareness initiatives to foster a strong culture of risk management and compliance throughout the organization.

Required Experience you have:

Minimum of 5 years of experience as a GRC Analyst, with a focus on enterprise risk management, third-party risk management, information security metrics and KPIs, business continuity and disaster recovery, and SOC2 compliance.

Strong knowledge of relevant regulatory requirements and industry standards (e.g., GDPR, HIPAA, ISO 27001, NIST Cybersecurity Framework).

Experience conducting risk assessments and developing risk mitigation strategies.

Proficiency in analyzing and interpreting cybersecurity metrics and KPIs to drive actionable insights and improvements.

Solid understanding of business continuity and disaster recovery planning methodologies.

Working knowledge of SOC compliance and audit procedures.

Excellent analytical and problem-solving skills, with the ability to think critically and make sound decisions.

Strong communication skills, including the ability to effectively communicate complex information to technical and non-technical stakeholders.

Preferred Qualifications:

Ability to work both independently and collaboratively in a fast-paced environment.

You have a willingness to learn and apply new skills and technologies

Familiarity with GRC frameworks and tools, such as RSA Archer, One Trust, MetricStream, or similar platforms.

Education:

Bachelor's degree in Business Administration, Information Systems, Cybersecurity, or a related work experience. Relevant certifications (e.g., CRISC, CISA, CISSP) are highly desirable.

In the spirit of pay transparency, we are excited to share the base salary range for this position is $75,000-$130,000 exclusive of fringe benefits or potential bonuses. If you are hired at bswift, your final base salary compensation will be determined based on factors such as geographic location, skills, education, and/or experience. In addition to those factors – we believe in the importance of pay equity and consider internal equity of our current team members as a part of any final offer. Please keep in mind that the range mentioned above is the full base salary range for the role. Hiring at the maximum of the range would not be typical in order to allow for future & continued salary growth. We also offer a generous compensation and benefits package!