Edtech.com's Summary

Concorde Career Colleges, Inc. is hiring a Governance Risk and Compliance Analyst who will oversee third-party and internal risk assessments to support enterprise information security and GRC initiatives. The role involves managing vendor due diligence, maintaining the risk register, collaborating on mitigation strategies, and enhancing the risk and compliance framework.

Highlights

Execute risk assessments aligned with the organization's risk management framework
Manage third-party onboarding and perform due diligence reviews
Maintain and update third-party inventory and enterprise risk register
Support development and refinement of risk management policies and controls
Lead risk assessments for regulatory compliance such as PCI DSS and GLBA
Develop and report KPIs and metrics for GRC initiatives
Assist risk committee operations and evaluate policy exception requests
Use GRC tools including Comply; preferred experience with automation and process improvement
Required qualifications include HS Diploma or GED, 4+ years in GRC or relevant fields, and experience with regulatory risk assessments
Strong knowledge of security controls, NIST frameworks, cloud-based tools, and regulatory standards (FERPA, GLBA, HIPAA, PCI, SOX)
Pay range: $87,000 - $105,000
Benefit offerings include tuition waiver, paid time off, retirement matching, paid parental leave, competitive insurance, and pet insurance

Governance Risk and Compliance Analyst Full Description

Overview:

The Governance Risk and Compliance Analyst oversee third-party and internal risk assessments to support enterprise information security and governance, risk, and compliance (GRC) initiatives. This position manages vendor due diligence, maintains an accurate risk register, partners with internal stakeholders on mitigation strategies, and drives continuous improvement of the risk and compliance framework.

Pay Range: $87,000 - $105,000

What We Offer:

Tuition Waiver: Enjoy a tuition waiver after 6 months of employment for you AND your immediate family offered at UTI and Concorde campuses
Paid Time Off: Competitive paid time off programs for employees (Vacation, Sick, Flexible)
Retirement Matching: 50% match on the first 6% of your contributions after 90 days
Paid Parental Leave: 4 weeks of paid leave for both birthing and non-birthing parents to bond with a new baby
Competitive Insurance: Health, vision, and dental coverage for you and your dependents
Pet Insurance: Competitive coverage for your furry family members through ASPCA
Health Plan Enrollment: Eligibility starts first of the month following completing one full month of employment

Responsibilities:

Execute comprehensive risk assessments aligned with the organization’s risk management framework to identify, evaluate, and prioritize potential threats
- Support the third-party onboarding process by assessing business criticality and evaluating the security posture of prospective vendors and partners
- Conduct periodic due diligence reviews of existing third-party relationships based on risk tiering, ensuring ongoing compliance and risk mitigation
- Collaborate with risk owners to develop, implement, and monitor mitigation strategies, while tracking progress and ensuring timely remediation
Maintain and continuously update the third-party inventory, ensuring accurate records of vendors, partners, and regulatory entities
Contribute to the enhancement of the organization’s risk management and compliance programs by supporting the development and refinement of policies, processes, and controls
- Stay informed on evolving risk and compliance standards, frameworks, and best practices, and recommend integration of relevant updates into internal processes
- Manage and maintain the enterprise risk register, ensuring timely updates and tracking of risk review cycles and deadlines
- Lead risk assessments required as part of regulatory and industry compliance efforts such PCI DSS and GLBA
Assist in the development and reporting of key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
Support risk committee operations by preparing meeting materials, capturing minutes, and coordinating stakeholder updates
Evaluate policy exception requests in collaboration with Information Security team members, ensuring appropriate risk considerations are addressed
Drive process improvement and innovation by identifying opportunities to streamline workflows and automate manual tasks
Provide support across a range of GRC functions including security control testing, audit readiness, documentation of procedures, and compliance assessments
Other duties as assigned

Qualifications:
Education & Experience

HS Diploma or GED (required)
Bachelor's degree in information security, Computer Science, or another relevant field (preferred)
Minimum of four (4) years of experience in governance, risk management, compliance or another relevant field (required)
Experience conducting internal and external risk assessments, including those aligned with regulatory requirements such as GLBA and PCI (required)
Experience developing and tracking metrics and KPIs to evaluate risk and compliance performance (preferred)
Experience using GRC tools to streamline processes and improve efficiency; implementation experience (preferred)
Experience using Comply for GRC activities. (preferred)

Skills

Strong understanding of common security controls and alignment to key regulations and standards such as NIST, FERPA, GLBA, HIPAA, PCI, and SOX (required)
Strong understanding of risk management principles and common frameworks
Knowledge of cloud-based security tools and controls (e.g. Azure, O365, AWS)
Skilled in writing risk statements and maintaining an enterprise risk register
Proficiency with NIST frameworks for risk management and controls
Familiarity with regulatory and industry audits or assessments, including GLBA, PCI, SOX, and HIPAA
Communicate clearly and effectively with peers and stakeholders
Demonstrate active listening and empathy in interactions
Participate in presentations or facilitates small group discussions
Manage multiple tasks in a dynamic environment
Make timely decisions that keep the organization moving forward
Apply effective and efficient processes with a focus on continuous improvement
Build open and comfortable relationships with diverse groups
Learn actively from both successes and failures while solving new problems

Abilities

Able and willing to:
- Communicate, think, learn, and reason
- Use computers and computer systems (including hardware and software) to process transactions, store documents, enter data, or perform assigned tasks
- Safely ambulate and/or maneuver when on-site at Company locations
- Demonstrate and utilize active listening, inductive reasoning, information ordering and category flexibility
Ability to use good judgment, problem-solving and decision-making skills
Ability to maintain confidentiality and manage sensitive information with discretion
Ability to work in a fast-paced environment where deadlines are essential and multiple projects are worked simultaneously
Ability to gain, understand and apply information and data as it relates essential functions of the position
Ability to foster long-term relationships with stakeholders

Work Environment

- Work is performed indoors in a climate-controlled environment when on site at assigned company location. Employees must be able to safely ambulate when on company premises.
- This position is designated as Remote. Employees must meet minimum technical standards for eligibility and participation.
- No travel required

Original Job Description

Overview:

Pay Range: $87,000 - $105,000

What We Offer:

Tuition Waiver: Enjoy a tuition waiver after 6 months of employment for you AND your immediate family offered at UTI and Concorde campuses
Paid Time Off: Competitive paid time off programs for employees (Vacation, Sick, Flexible)
Retirement Matching: 50% match on the first 6% of your contributions after 90 days
Paid Parental Leave: 4 weeks of paid leave for both birthing and non-birthing parents to bond with a new baby
Competitive Insurance: Health, vision, and dental coverage for you and your dependents
Pet Insurance: Competitive coverage for your furry family members through ASPCA
Health Plan Enrollment: Eligibility starts first of the month following completing one full month of employment

Responsibilities:

Execute comprehensive risk assessments aligned with the organization’s risk management framework to identify, evaluate, and prioritize potential threats
- Support the third-party onboarding process by assessing business criticality and evaluating the security posture of prospective vendors and partners
- Conduct periodic due diligence reviews of existing third-party relationships based on risk tiering, ensuring ongoing compliance and risk mitigation
- Collaborate with risk owners to develop, implement, and monitor mitigation strategies, while tracking progress and ensuring timely remediation
Maintain and continuously update the third-party inventory, ensuring accurate records of vendors, partners, and regulatory entities
Contribute to the enhancement of the organization’s risk management and compliance programs by supporting the development and refinement of policies, processes, and controls
- Stay informed on evolving risk and compliance standards, frameworks, and best practices, and recommend integration of relevant updates into internal processes
- Manage and maintain the enterprise risk register, ensuring timely updates and tracking of risk review cycles and deadlines
- Lead risk assessments required as part of regulatory and industry compliance efforts such PCI DSS and GLBA
Assist in the development and reporting of key performance indicators (KPIs) and metrics to measure the effectiveness of GRC initiatives
Support risk committee operations by preparing meeting materials, capturing minutes, and coordinating stakeholder updates
Evaluate policy exception requests in collaboration with Information Security team members, ensuring appropriate risk considerations are addressed
Drive process improvement and innovation by identifying opportunities to streamline workflows and automate manual tasks
Provide support across a range of GRC functions including security control testing, audit readiness, documentation of procedures, and compliance assessments
Other duties as assigned

Qualifications:
Education & Experience

HS Diploma or GED (required)
Bachelor's degree in information security, Computer Science, or another relevant field (preferred)
Minimum of four (4) years of experience in governance, risk management, compliance or another relevant field (required)
Experience conducting internal and external risk assessments, including those aligned with regulatory requirements such as GLBA and PCI (required)
Experience developing and tracking metrics and KPIs to evaluate risk and compliance performance (preferred)
Experience using GRC tools to streamline processes and improve efficiency; implementation experience (preferred)
Experience using Comply for GRC activities. (preferred)

Skills

Strong understanding of common security controls and alignment to key regulations and standards such as NIST, FERPA, GLBA, HIPAA, PCI, and SOX (required)
Strong understanding of risk management principles and common frameworks
Knowledge of cloud-based security tools and controls (e.g. Azure, O365, AWS)
Skilled in writing risk statements and maintaining an enterprise risk register
Proficiency with NIST frameworks for risk management and controls
Familiarity with regulatory and industry audits or assessments, including GLBA, PCI, SOX, and HIPAA
Communicate clearly and effectively with peers and stakeholders
Demonstrate active listening and empathy in interactions
Participate in presentations or facilitates small group discussions
Manage multiple tasks in a dynamic environment
Make timely decisions that keep the organization moving forward
Apply effective and efficient processes with a focus on continuous improvement
Build open and comfortable relationships with diverse groups
Learn actively from both successes and failures while solving new problems

Abilities

Able and willing to:
- Communicate, think, learn, and reason
- Use computers and computer systems (including hardware and software) to process transactions, store documents, enter data, or perform assigned tasks
- Safely ambulate and/or maneuver when on-site at Company locations
- Demonstrate and utilize active listening, inductive reasoning, information ordering and category flexibility
Ability to use good judgment, problem-solving and decision-making skills
Ability to maintain confidentiality and manage sensitive information with discretion
Ability to work in a fast-paced environment where deadlines are essential and multiple projects are worked simultaneously
Ability to gain, understand and apply information and data as it relates essential functions of the position
Ability to foster long-term relationships with stakeholders

Work Environment

- Work is performed indoors in a climate-controlled environment when on site at assigned company location. Employees must be able to safely ambulate when on company premises.
- This position is designated as Remote. Employees must meet minimum technical standards for eligibility and participation.
- No travel required

Let me find your next job.

Thanks - you're signed up.

Governance Risk and Compliance Analyst

Edtech.com's Summary

Governance Risk and Compliance Analyst Full Description

Intake Specialist - Office of Equity and Compliance

Quality & Regulatory Affairs Analyst

Assistant Director, Safety and Compliance

Director of Security and Compliance

Governance and Compliance Senior Analyst