The Role

At LeafLink, we work hard to earn our users’ trust every day, and gaining & retaining this trust is critically important to LeafLink’s success. LeafLink is seeking an experienced Governance, Risk and Compliance (GRC) Analyst to join our fast-growing team, reporting directly to the GRC Program Manager. In this role, you will be involved in the operational execution, supporting and scaling  LeafLink Inc.’s GRC Program areas. 

The Enterprise Risk and Compliance (ERC) team is responsible for maintaining a strong culture of compliance throughout the LeafLink organization. The ERC team is responsible for a variety of Risk and Compliance Programs, including but not limited to: Policy Management, Risk Assessment, Business Continuity/Disaster Recovery, Third Party Vendor Risk, Controls Management, Audit Management, etc. 

The GRC Analyst will help operationalize and support the ongoing implementation of LeafLink’s third party risk, BC/DR, and controls management programs to ensure we are following the policies, regulations and requirements that impact our innovative projects. This role aligns the best practices of program management with risk/security frameworks and GRC subject matter expertise, while also requiring the ability to partner and strategically think to scale the organization. The individual for this role should have a focus on scalable operations and innovation to challenge the status quo. The individual should be a force multiplier for the team working cross-functionally to deliver commitments and taking the GRC programs to the next level. 

Responsibilities

• Contribute to  the Governance, Risk, & Compliance (GRC) function within the Enterprise Risk and Compliance group and help to implement and continuously improve programs to address key company risks and work with internal teams on  assessments related to program areas of third party risk, BC/DR or controls management 
• Support the GRC Program Manager in leading ongoing risk and compliance initiatives as well as testing and monitoring control effectiveness
• Responsible for maintaining the third party risk and business continuity/disaster recovery programs 
• Develop a third party monitoring program to perform ongoing assessment of third party risks and ensure issues and remediations are identified and addressed in accordance with program requirements
• Champion compliance initiatives by building deep, collaborative relationships with cross-functional stakeholders throughout the organization and review new risks and controls requirements arising from new vendors or partners, or impact to BC/DR from changing or new business lines, technology implementations and transformation efforts
• Become an expert user of the  comprehensive GRC tool (ZenGRC) to manage the GRC program areas and audits

Qualifications

• 3-7 years of experience implementing and managing risk and/or compliance programs for a SAAS, Marketplace or Fintech company
• Ability to build and cultivate strong relationships and be seen as a valued business partner
• Capable of working with teams and commit to deadlines, fostering a positive work environment; being a strong team player who can deal with and provide solutions to complex IT infrastructure and applications issues
• Exhibits proven ability to influence, communicate, collaborate and present 
• Strong knowledge of security risk identification, analysis, assessment, and mitigation within ambiguous environments
• Experience creating and maintaining risk and compliance programs through GRC solutions
• Ability to actively manage competing deliverables to meet business commitments and partners' expectations
• Ability to manage and plan ahead for upcoming audit tasks and works internally to ensure key tasks are scheduled timely
• Demonstrates detailed knowledge in specific areas of cybersecurity, information security, risk assessments, IT general controls, cloud controls  and technical operations processes such as SOX IT, PCI, FFIEC, SOC 2, CIS CSC, NIST, and ISO principles

Benefits