IT-GRC Analyst

• Understand Blackbox Internal Business services and review proposed customer contracts for compliance, risks privacy, security and regulatory issues
• Coordinate external & Internal audits of the Blackbox IT environment and collate evidence submitted by technical team
• God understanding of security concepts, drivers of risk and mitigation control, BCP, DR, Risk Management 3rd party vendor Audits and Management, policies and procedure writing and evaluations, IT - general and application controls
• Develop and maintain both continuous and spot check, autonomous and manual audit processes
• Educate users on IT controls processes and play an advisory role internally.
• Perform end - to end contracts evaluation for risk, compliance, and security evaluations and expectations.
• Report on compliance results & metrics to executive teams
• Provide continual improvement objectives to better align to external requests
• Build a strong knowledge and understanding of systems and processes
• Assist in development of data governance processes and RACI
• Review and update internal corporate Policies based on Industry best practices and Regulatory requirements
• Understand and document Data workflows and lifecycles
• Establish Processes to improve the life cycle Management of Contracts
• Possess experience or good knowledge on IT controls mapping as per global standards.

• Strong familiarity with risk, compliance, and audit frameworks and the various ways they are applied in IT environments
• Understanding of Global data privacy and security regulations - like GDPR, CCPA etc. both at global and US state levels for data privacy laws and requirements.
• Ability to scope, assess, and revise contracts and suggest edits based on business drivers and compliance needs.
• Ability to find root causes of control failures and mitigate risks accordingly
• Ability to create and maintain policies, procedures and guidelines for the Company and maintain its lifecycle in SharePoint
• Ability to educate the company employees and respond to policy related queries.
• Ability to implement controls in a diverse technical and geographically distributed environment to mitigate risk
• Ability to convince a highly varied audience to follow prescribed controls
• Comfort with presenting progress reports and results to senior leadership
• Understanding of process design and compliance terminology
• Ability to write and speak clearly, consistently, and concisely
• Ability to Multitask responses to multiple Contracts and meet given deadlines
• Ability to be self-driven, Motivated with end-to-end ownership on contracts management
• Excellent Audit Life Cycle Management skills, Expert use of Excel sheet, Word document management, PPT, ability to track documents versions, evidence etc.
• Excellent written and verbal communication skills and English language command.

• BA business or information technology or equivalent experience.
• Minimum 5 years or more of prior experience in IT-GRC domain like IT risk, auditing, Contracts evaluation, Data privacy, compliance evaluation etc. strongly preferred.
• Knowledge of working with US & Global regulations and compliance requirements like HIPAA, PCIDSS, GDPR and US state level laws like CCPA etc.

• Data Privacy Laws like GDPR, CCPA,
• PCIDSS, SOC2, HIPAA
• Security and Assurance standards like NIST 800-53 controls, NIST CSF, CIS controls, ISO 27001 standards

• CISA and/or CRISC and/or CGEIT
• ISO 27001 L.A or CISM or CISSP - Desirable.

Black Box