Job Information
PSI Services Information Security & Compliance Analyst (12 mo. contract) in Olympia, Washington
Description
Title: Information Security & Compliance Analyst - 12 mo. contract
Location: US Remote
About PSI
We are PSI Services. We power world leading tests. Delivered with trusted science and the very best test taker experience. PSI supports test-takers on their journey to pursuing dreams and gaining certifications that are important to them. They believe that their dreams are worth working for; that their dreams are worth the effort. And we believe that too. This is our core purpose, to empower people to achieve their dreams. We do this by being the best provider of workforce solutions, which foster both technology and science to deliver the best solutions for our test takers.
We are searching for top talent to join our PSI team and help grow our products and services. We have a creative, supportive and inclusive culture where we empower people in their careers to be their authentic self and make the most of their great talent.
At PSI, we are committed to helping people meet their potential and we believe that promoting diversity, equity and inclusion is critical to our success. That’s why you’ll find these ideals are intrinsic to our company culture and applied throughout the employee lifecycle.
Learn more about what we do at: _https://www.psiexams.com/_
About the Role
The Information Security, Governance, Risk and Compliance Analyst role works collaboratively with stakeholders across the business on various activities related to Quality, Environmental Sustainability, Business Continuity, Information Security and Privacy with the aim of ensuring compliance with ISO, SOC2, NIST, PCI and other industry standard frameworks.
This role will collaborate with process owners, internal auditors, external auditors, and other stakeholders in order to assist in reviewing, monitoring, and resolving findings.
This includes helping the team manage ISO27001, SOC 2, ISO14001, ISO22301, ISO9001 Compliance programs.
By supporting the implementation of internal and external assessments, responding to and managing the full lifecycle of compliance audits, and ensuring compliance with existing and emerging regulations and standards including SOC2, ISO 27001, NIST CSF, PCI, SOX, and other GRC activities, the GRC Analyst will also contribute to the transformation of the company’s compliance program.
This is a full time, permanent position, Monday to Friday with flexible hours around a standard 0900-1700. The role can be performed remotely, with occasional travel to offices and test centres globally to support with audits.
Role Responsibilities
Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with agreed standards.
Manage and support internal and external audits
Support the continuation of ISO 27001, ISO 9001, ISO 14001, ISO 22301, SOC2 and PCI certifications.
Support the development and maintenance of the Global ISMS Management Committee, including governance related responsibilities.
Maintain and monitor a central repository for audit evidence.
Inform the proper stakeholders of important concerns and hazards
Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise
Supporting the development, documentation and maintenance of policies, procedures, and standards across the organisation, ranging from Information Security and Data Protection to Quality Management and Environmental Management.
Assist the department in responding to inquiries from the business units about ongoing operational compliance
Be proactive in seeking out areas for improvement and offer insightful advice and value-added guidance on process and control enhancements
Share information with managers to avoid surprises, draw attention to problems, and guarantee delivery on time
Champion Compliance by promoting and developing awareness of different security and compliance risks and best practices across the company.
Assist with the development of GRC related newsletters and training.
Knowledge, Skills and Experience Requirements
2+ years of direct experience in Governance, Risk & Compliance
1+ year expertise conducting ISO 27001 and SOC 2 audits, as well as handling audit responses
Thorough understanding of regulatory compliance requirements (ISO27001,ISO22301, SOC 2 , NIST, FedRamp, CMMC, PCI, GDPR, etc.)
Knowledge of GRC tool techniques and best practices (ZenGRC, OneTrust, Archer)
Proven track record of organizing and carrying out several risk and compliance projects
Ability to successfully manage third-party audits, compile evidence, and organize audit responses
Keen attention to detail
Effective written and verbal communication skills and the capability to communicate with cross-functional teams
Proven analytical and problem-solving abilities for managing initiatives that advance corporate goals
Certifications (Preferred):
GRC Professional (GRCP)
Certified in Governance, Risk & Compliance (CGRC)
Certified in Cybersecurity (CC)
Benefits & Culture
At PSI, our culture is to be transparent and fair. That’s why all of our roles have been benchmarked at a competitive rate against the local market they are based in. To be transparent all of our adverts now include the salary so you can see if we align with your expectations when looking for your next role.
In addition to a competitive salary, we offer a comprehensive benefits package and supportive culture when you join us. This includes;
401k/Pension/Retirement Plan – with country specific employer %
Enhanced PTO/Annual Leave
Medical insurance – country specific
Dental, Vision, Life and Short Term Disability for US
Flexible Spending Accounts – for the US
Medical Cashback plan covering vision, dental and income protection for UK
Employee Assistance Programme
Commitment and understanding of work/life balance
Dedicated DE&I group that drive core people initiatives
A culture of embracing wellness, including regular global initiatives
Access to supportive and professional mechanisms to help you plan for your future
Volunteer Day and a culture of giving back to our community and industry through volunteering opportunities
Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities
The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information. 41 CFR 60-1.35(c)