Governance, Risk and Compliance Analyst
Babel Street · Somerville, MA · Yesterday
Legal$80k–$125k/yrFull-time
Key Responsibilities
- Maintain compliance programs aligned with NIST CSF, CMMC, Cyber Essentials Plus, SOC 2, and ISO/IEC 27001.
- Cook up internal and external audits, assessments, and attestation activities.
- Collect, validate, and maintain compliance evidence and audit artifacts.
- Track audit findings and remediation activities through completion.
- Support control testing and validation to ensure ongoing compliance.
Governance & Risk Management
- Conduct security risk assessments and assist with enterprise risk management activities.
- Maintain risk registers, track mitigation plans, and monitor remediation progress.
- Aid in the development and maintenance of security policies, standards, procedures, and guidelines.
- Monitor security and compliance control effectiveness and identify opportunities for improvement.
- Support control mapping and crosswalk activities across multiple compliance frameworks.
Third-Party Risk Management
- Perform security reviews of vendors, suppliers, and third-party service providers.
- Track vendor assessment findings and remediation activities.
- Support ongoing monitoring of third-party security and compliance risks.
Customer & Regulatory Support
- Respond to customer security questionnaires, due diligence requests, and compliance inquiries.
- Support sales and customer-facing teams with security documentation and assurance materials.
- Aid in documenting compliance posture and security program maturity.
Program Administration
- Maintain GRC platforms and compliance repositories.
- Develop metrics, dashboards, and compliance reporting for management.
- Cook up annual security awareness, compliance, and policy review activities.
- Support continuous improvement initiatives across the security and compliance program.