Governance, Risk and Compliance Analyst at Vista
Job Profile
We are seeking a dedicated and detail-oriented Governance, Risk and Compliance (GRC) Analyst to join our team. In this role, you will ensure compliance with regulatory obligations, align with frameworks and security standards, and manage IT risk across the organization and supply chain. You will collaborate with cross-functional teams and work closely with external vendors, auditors, and clients to embed GRC practices, maintain security controls, and ensure adherence to frameworks and policies.
Your Responsibilities
* Maintain and improve our Information Security Management System (ISMS).
* Monitor compliance with security frameworks.
* Support the IT and Information Security policy lifecycle.
* Maintain the IT Security risk register.
* Manage risk and track risk mitigation across teams.
* Conduct security reviews and risk assessments of suppliers and partners.
* Complete audits for clients and coordinate with audit teams.
* Audit internal processes for compliance.
* Work with the Privacy Analyst on Data Protection Impact Assessments (DPIAs), Records of Processing Activities (RoPAs), and data subject request workflows.
* Maintain the GRC platform and security awareness training platform.
* Assist in creating and maintaining metrics on control effectiveness and maturity.
* Stay updated on relevant frameworks and regulatory requirements.
Required Skills, Qualifications, and Experience
* Bachelor’s degree in Information Security or a related field; relevant certifications (e.g., ISO 27001 Lead Implementer, CIPP, CRISC) are a plus.
* At least 2 to 3 years of experience in GRC, Information Security, or a related field.
* Experience with GRC platforms like OneTrust is advantageous.
* Knowledge of risk management methodologies and of security frameworks and regulations such as CIS Controls v8, ISO 27001, NIST CSF, GDPR, and NIS2.
* Experience with audits, privacy breach investigations, and legal/regulatory interpretation.
* Ability to guide teams on privacy standards and compliance.
* Exposure to cloud environments and AI systems risk controls is a bonus.
* Strong understanding of privacy laws like GDPR, CCPA.
Seniority level
* Associate
Employment type
* Full-time
Job function
* Information Technology
Industries
* Airlines and Aviation