Cloud GRC Analyst

The purpose of the GRC Analyst role:

Governance, risk management, and compliance are three related facets that aim to assure an organization reliably achieves objectives, addresses uncertainty and acts with integrity.

Governance is the combination of processes established and executed by management that are reflected in the organization's structure and how it is managed and led toward achieving business goals.
Risk management is predicting and managing risks that could hinder the organization from reliably achieving its objectives under uncertainty.
Compliance refers to adhering to the mandated boundaries (laws and regulations) and voluntary boundaries (company's policies, procedures)


The GRC function conducts recurring activities with relevant stackeholders to follow up, maintain and improve compliance with the defined control environment.

The GRC Analyst role responsibilities will include:

Be the custodian, develop and maintain an effective policy and control framework
Manage and lead information security governance
Facilitate and own risk analysis and Cloud Services risk register
Support audit facilitation work when requested
Establish, monitor and continuously improve risk management procedures
Provide oversight and management of review and audit finding remediation, including generating requirements for full remediation
Providing feedback and suggestions on responses to findings, and tracking progress and providing status and updates to the management team


While the job description describes what is anticipated as the requirements of the position, the job requirements are subject to change based upon any changing needs and requirements of the business.
Required Skills:
Strong communication skills and able to keep a good relationship to internal and external stakeholders
Strong written and verbal English communication skills
Work independently, proactive and feel comfortable in taking difficult decisions
Experience in developing, documenting and maintaining GRC methodologies
Structured, analytical and persistent
Ability to work well under minimal supervision with lots of self-drive

Required Experience:
Qualifications for the GRC Analyst role:
Minimum of five years of work experience in a GRC role
Bachelor's degree in information systems or equivalent work experience
Certifications like CISA or similar are an advantage but not a requirement.
Knowledge of common information security management frameworks, such as SOC2, ISO 2700x, COBIT and ITIL is an advantage
Experience in developing, documenting and maintaining security policies, processes, procedures and standards

Kofax, Inc. is an Equal Opportunity Employer M/F/Disability/Vets