
Job Summary:
Grazitti Interactive is seeking a results-driven Compliance Analyst to lead Governance, Risk, and Compliance (GRC) programs within our Information Security Group.
This role will serve as a strategic partner to the business, responsible for ensuring compliance with global regulatory frameworks, strengthening risk posture, and managing audit readiness across the organization.
As a key member of the security leadership team, you will design and operationalize compliance strategies, influence security governance, and be a critical liaison for both internal and external stakeholders.
Key Responsibilities:
- Lead GRC Strategy: Develop and execute enterprise-wide GRC initiatives, aligning with ISO, NIST, COBIT, and other global frameworks.
- Regulatory Compliance: Ensure adherence to regulatory requirements including GDPR, HIPAA, SOX, and CCPA, and to the IT general controls (ITGC) that support them.
- Audit Leadership: Serve as the primary point of contact for internal and external audits.
- Lead audit planning, evidence collection, stakeholder coordination, and closure activities.
- Risk Management: Perform organization-wide risk assessments, maintain risk registers, and recommend mitigation strategies in line with ISO 31000.
- Policy Development: Draft, implement, and enforce information security and compliance policies across IT and SaaS environments.
- Controls & Governance: Establish, document, and monitor internal controls using COSO, COBIT, and ITIL frameworks.
- Incident Preparedness: Develop and test incident response plans, and lead resolution and documentation efforts.
- Training & Awareness: Drive compliance awareness programs and conduct training for teams on security standards and best practices.
- Reporting & Communication: Report risk and compliance status to senior leadership and maintain audit trails for transparency and accountability.
- Collaboration: Work closely with Legal, IT, Security, and Delivery teams to interpret regulatory requirements and ensure ongoing alignment.
Required Qualifications:
Education: Bachelor's degree in Information Security, IT, Business, or related field.
Certifications: Preferred CISA, CISSP, CISM, or similar.
Experience:
- Minimum 2 years in GRC, IT compliance, or risk management.
- Proven experience in IT audits, external regulatory reviews, and control testing.
- Familiarity with standards and frameworks: ISO 27001/27002, NIST, ISO 31000, COBIT, COSO, ITIL.
Key Skills & Competencies:
- Strong understanding of regulatory landscapes (GDPR, HIPAA, SOX, CCPA).
- Expertise in internal control systems and IT general controls (ITGC).
- Strategic thinker with a process-oriented approach and attention to detail.
- Exceptional documentation, analytical, and problem-solving skills.
- Confident communicator with excellent stakeholder and cross-functional collaboration skills.
- Ability to influence security culture and drive compliance adoption across the organization.