Security Governance, Risk & Compliance Analyst

About this Opportunity:

As a Security Governance, Risk & Compliance Analyst, you will support the Security and Governance department by maintaining and enforcing security and privacy policies, ensuring that they meet regulatory compliance requirements. As we continue to evolve and live our Orion values, we are looking for someone to grow with us.

For Internal and External Candidates:

Candidates must work in-office at the following location for at least 3 days per week: Lehi, UT

In this role, you'll get to:

• Assist the Deputy Information Security Officer with policy enforcement and procedures review throughout the organization, including general security policies, manuals, and associated exception processes.

• Manage the Information Security Management System (ISMS) policy. Review and make updates as appropriate. Perform and maintain records of the review processes contained therein to achieve ISO 27001 compliance.

• Assist in the development and maintenance of any information security polices ancillary to the ISMS.

• Ensure Information Security SOC Controls are effectively managed and completed appropriately.

• Complete due diligence requests from both internal and external sources.

• Manage SaaS solutions utilized by the GRC team.

• Perform information security risk assessments on third party partners (eg. vendors, suppliers, etc.)

• Participate in all information security audit initiatives (e.g. ISO, SOC, etc.)

• Assist in enterprise-wide regulatory compliance initiatives.

• Engage business units to ensure governance and compliance policies and practices are followed and documented.

• Assist in the development, maintenance, and use of organizational-level security frameworks for incident response, business continuity and disaster recovery.

• Support the GRC program and promote a culture of security awareness throughout the organization.

We're looking for talent who have:

• 5 years of experience in Information Technology, with at least 3 years in Information Security required

• Knowledge of security frameworks and compliance regulations. (ISO, SOC, NIST, GDPR, CCPA)

• Ability to work with various departments to develop controls and procedures which meet the security and regulatory requirements of the organization.

• Knowledge of enterprise security programs and the ability to support the business needs and balance them with security and regulatory requirements.

• One of the following certifications or the ability to obtain within twelve months: CISSP, CCSP, CISA, CISM.

• Ability to interface and collaborate with all areas of the organization

• Owns and manages relationships with stakeholders directly and work effectively with people at all levels in an organization

#LI-AP1

#LI-Onsite

#LI-Hybrid

Salary Range:

$87,448.00 - $133,873.00

The pay listed in this posting indicates the estimated pay at the time of this posting; however, may vary depending on geographic location, job-related knowledge, skills, and experience. In addition, Orion offers a competitive benefits package which includes health, dental, vision, and disability coverage on day one, 401(k) plan with employer match, paid parental leave, pet benefits including pawternity leave and pet insurance, student loan repayment and more.

About Us

At Orion, we achieve our best work when we support one another, staying personally accountable to each other and the clients we serve. We create a welcoming environment where everyone is respected, valued, and heard. Our commitment to create raving fans ensures we consistently exceed client expectations. Thinking differently is in our DNA-we innovate always, push boundaries, and reject the status quo to deliver transformative outcomes. Together, we support one another and see it through to success, driving our collective achievements and those of our clients.