Governance Risk & Compliance Analyst (ISO 27001)

Position Summary

Join one of J. J. Keller's fastest growing business units as we protect people and the businesses they run! This NEW position will support the implementation and maintenance of governance, risk and compliance processes that will protect client data and system integrity for our Managed Services team.  This position is part of the Managed Services Technology team but also works closely with our corporate Risk & Compliance team, IT team, and other technology-based teams across the company. 

This role can work 100% remote in the US, on-site at our Corporate Campus in Neenah, WI or hybrid. Our organization is over 80% remote, so you can join and work remote and be part of a remote-first team. 

Job Responsibilities

• Works with business unit leaders to develop and maintain ISO and SOC controls and related artifacts.  Continuously improves the framework, methodology, standards, and system of internal controls.
• Conducts internal audits of controls to assess compliance with data security and privacy policies, procedures, standards, and/or regulations. 
• Develops and performs tests to evaluate the design and effectiveness of key controls necessary for compliance.
• Reviews test findings, identifies control weaknesses, presents results, and recommends remediation actions.
• Supports issue management, risk acceptances, and corrective action plans.
• Supports corporate audits (internal and external) by fulfilling requests for documentation and participating in audit meetings. Reports on findings, tracks status, and ensures corrective actions are complete and sustainable.
• Assists with preparing and maintaining Business Impact Analysis documents for the business unit.  Supports risk identification & assessment, response & mitigation, control monitoring & reporting.
• Coordinates disaster recovery testing for the business unit.  Participates in corporate disaster recovery and business continuity assessments/activities.
• Performs security and compliance assessments on new and existing systems, processes, and technology.
• Assists with the preparation of data security questionnaires from customers.
• Monitors system maintenance, upgrades, and end-of-life timelines. Coordinates appropriate activities to remove expired systems from documentation and servers.
• Supports vendor audit/maintenance process and helps lead and define overall third-party risk management efforts.

Qualifications

Experience:

• 3+ years’ analyst experience in risk management or information security.
• ISO 27001 experience with the 2013 standard is required.
• ISO 27001 experience with the 2022 standard is desirable.

Education:

• Bachelor’s degree in a business-related field; preferably information security.

Other Skills/Qualifications:

• Knowledge of information security, disaster recovery and business continuity planning.
• Ability to interpret technical documentation into system overview documents.
• Effective in working across organizational boundaries.
• Strong ability to work independently and meet deadlines.
• High attention to detail and strong analytical skills.

Benefits

• Medical / Dental / Vision Insurance
• Annual Reviews, Merit Increases + Quarterly Bonus Program
• 401(k) with Employer Match + Annual Profit Sharing
• 17 PTO Days + 8 Paid Company Holidays + 1 Paid Floating Holiday
• Work/Life Balance & Flex Time
• Annual Learning & Development Subscriptions  
• Free Onsite Wellness Clinic for those associates near our corporate office + free telehealth coverage for all associates regardless of where you live
• Free access to FLEX by Fitness on Demand providing 24/7 access to online workout videos
• Strong company culture that fosters internal growth and development
• Computer Equipment Provided for Home Office