GRC (Governance, Risk & Compliance) Analyst

Date: Sep 9, 2023

Location: Remote, PL Remote, ES

Company: Syniti

ABOUT US

Syniti is an innovative, global leader in Enterprise Data Management. With smart and powerful resources like our award-winning software platform and premier consultants, Syniti helps the world’s top enterprises create unique advantage and value with their data. Whether the goal is bringing new products to market faster, accelerating time-to-value for a new ERP system or corporate acquisition, powering new AI/ML initiatives, or increasing profitability by eliminating inefficiencies, Syniti ensures your business’s data is a high-performing and trusted asset. Syniti is also a preferred data solution used by the world’s top system integrators, and a portfolio company of BridgeGrowth Partners LLC. Headquartered in Boston, Massachusetts with offices in 25 countries around the world, Syniti operates in all global regions and industry verticals, and maintains a 100% client success rate across thousands of complex data projects and initiatives.

THE ROLE

The GRC Analyst will be a key member of the technical team responsible for global governance, risk, and compliance at Syniti with a strong focus on completing security questionnaires on behalf of Syniti. This individual will work closely with the engineering, product, legal, customer success, marketing and sales teams, as well as internal and external auditors to promote security and compliance best practices and provide comprehensive data governance. They will have responsibility as a technical resource across the larger organization and external partners.

[This role has been designated as a remote position allowing qualified talent throughout the listed country to be considered for the opportunity.]

WHAT YOU WILL DO

  • Review and respond to customer questionnaires, legal reviews of contracts or security addendums, and assist the sales team with RFI and RFP work as needed.
  • Maintain the system of information for security-relevant documentation under the guidance of the GRC Manager.
  • Participate in cyber security risk assessments; identify, investigate, and document potential security exposures; propose control activities or solutions to mitigate risk including compensating controls; assist with implementing approved procedures and products.
  • Identify and evaluate risks to technology and architecture to ensure security and compliance with corporate policies, standards, and applicable frameworks and regulatory requirements; collaborate with business to implement controls and secure solutions.
  • Participate in Third Party Risk Management (TPRM) for critical and non-critical vendors and provide guidance to the respective teams on implementation.
  • Champion, train and initiate cyber security awareness and education for staff.
  • Assist in the management of awareness campaigns.
  • Maintain industry awareness and knowledge in core cyber security & risk topics by participating in professional associations, attending educational workshops, reviewing professional publications, and self-learning opportunities.
  • Review and assess new vulnerabilities through documented process.
  • Other duties as assigned.

WHAT IT TAKES

  • 1+ years in cybersecurity.
  • Strong written and verbal communication skills.
  • Knowledge of ISO 27001:2013, 27002, NIST 800-53, and SOC 2 frameworks.
  • Familiarity with PCI-DSS, HIPAA, GDPR, CCPA, FedRAMP, International Privacy Requirements including EU Privacy and Safe Harbor.
  • Demonstrated understanding of agile and DevOps secure software development lifecycle and ability to distinguish the core inputs and outputs in each cycle.
  • Working knowledge of cloud architectures and platforms such as AWS/Azure/GCP.
  • Ability to work professionally with internal stakeholders, auditors and customers.
  • General proficiency and knowledge of cybersecurity tools such as SIEM, vulnerability management, EDR, anti-malware, NIDS/HIDS, firewalls, and others.
  • Ability to demonstrate critical thinking, problem solving, and decision making with professional poise.
  • Ability to self-motivate and work independently.
  • Ability to work with people from many different disciplines and cultures with varying degrees of technical aptitude.
  • Attention to detail and a thorough approach to problem-solving.
  • Able to quickly synthesize business and cyber security intersecting needs; ability to prioritize competing projects.
  • Ability to work autonomously on multiple projects with a geographically distributed team.

Nice to have:

  • Certifications in cyber/information security, audit, or risk management such as: CISA, CGEIT, CRISC, CISSP, ISO 27001:2013 Lead Auditor/Implementer or related.
  • Familiarity with cloud architectures and services and common cybersecurity risks.
  • Experience performing internal or external audits.

WHAT WE OFFER

  • Trust that you are good at what you’re doing. At Syniti you will find a supportive environment and access to learning tools, but micromanagement is not our thing.
  • Growth. We are growing rapidly and steadily solving the biggest challenges enterprise companies are faced with today. There was never a better time to join and grow with us. Most importantly you will have the chance to shape our journey and share in our success story.
  • Support. We all rely on each other and enable each other to be successful. You won’t stand alone.
  • Curiosity and genuine interest in you. We all have our different stories, all equally fascinating with each depicting a different journey and we want to hear them all.
  • Recognition. We are the sum of individual achievements and we always take the time to celebrate them.
  • An open organisation. Hierarchies are not our thing and access is something we make sure of across the board. We are a family where everyone is just as important, everyone’s work is seen and ideas valued.