Sr. Risk & Compliance Analyst - Neptune
Duluth, GA 30026
About the Job
Position Summary
As Governance, Risk & Compliance Analyst, you will be responsible for ensuring the organization is effectively designing, developing, and implementing security compliance controls and solutions. You will engage with stakeholders across the enterprise on all aspects of security and governance, management of policies, implementation and monitoring of controls, and management of remediation activities. The position will work closely with Information Technology, Security and Cloud Operations, and Software and Hardware Development teams, along with the business to ensure there is a consistent and common approach to implementation of security and compliance management activities.
Responsibilities:
Policy and Governance
- Develop and maintain information security policies, standards, procedures, and guidelines in accordance with the overarching Information Security Risk Framework
- Collaborate with Neptune departments to ensure security policies and procedures are properly interpreted and implemented
- Develop and report security risk and compliance metrics for the enterprise, departments, processes, and individual assets
- Collect and manage monthly security and risk KPI data; analyze and facilitate discussion with the business areas
Data / Risk Management
- Design and implement risk management processes, including, but not limited to, risk intake, risk reviews, and risk registers
- Work within the organization to gain enterprise acceptance of annual security risk assessment processes
- Engage cross-functional teams to deliver on the enterprise’s data privacy, management, and retention policies
- Conduct organizational data audits to determine what data is maintained, retained, and classified, and to ensure the data strategy is practiced
Compliance
- Support ongoing compliance activities and monitoring efforts across applicable Regulations and Standards (e.g. SOX, GDPR, SOC2, etc.)
- Engage process and control owners to map compliance standards, evaluate deficiencies, investigate root causes, and track execution until remediation
- Coordinate with internal and external audit teams to fulfill requirements and obligations
Security/Cloud Operations
- Collaborate with cross-functional teams to implement compliance initiatives and security controls
- Monitor and track activities related to control remediation or corrective action
- Partner with business and IT teams to develop and deliver risk mitigation plans, implement additional control activities, or document risk acceptance
Requirements
Education/Experience:
- Typically requires a bachelor's degree (or international equivalent) and 3+ years of relevant experience
Preferred Qualifications:
- Bachelor's degree required, preferably with experience in cybersecurity, computer science, information systems, or equivalent
- 3+ years of IT Risk Management, or IT Compliance experience
- 2+ years hands-on experience with IT data management and data classification
- Exceptional planning, organization, communication, presentation, multitasking, prioritization, and business analysis skills
- Extensive knowledge and understanding of IT regulatory control frameworks (ITIL, COBIT, etc.)
- Possess strong working knowledge of information security standards and frameworks (NIST, ISO, SOC, etc.)
- Experience working with outsourced organizations and third-party vendors preferred
- Advanced written and verbal communication skills
- Strong interpersonal skills
- Strong analytical skills and the ability to understand and document complex business process data flow
Travel Requirements: Typically requires overnight travel less than 10% of the time
Location: Tallassee, AL, Duluth, GA
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)
Information Systems