GRC Consultant (Governance, risk management, and compliance)
EPAM is committed to providing our global team of more than 41,150 EPAMers with inspiring careers from day one. EPAMers think creatively and lead with passion and honesty. Our people are the source of our success. We value collaboration, work in partnership with our customers, and strive for the highest standards of excellence. In today’s market conditions, we’re supporting operations for hundreds of clients around the world remotely. No matter where you are located, you’ll join a dedicated, diverse community that will help you discover your fullest potential.
DESCRIPTION
Currently, we are looking for an experienced GRC Consultant (Governance, risk management, and compliance) with solid Risk and Compliance experience to help engage and consult with clients on risk and compliance (including security) issues.
Work location: remote in the US or Canada
Business trips: 40%-60% in the future after lockdown
REQ #: 231419266
WHAT YOU’LL DO
- The main responsibility is helping our clients solve their complex business issues from strategy to execution, in particular:
- The development and establishment of the governance, risk, and compliance program starting from current state analysis, conducting stakeholders’ interviews, performing gap analysis, developing target state vision and roadmap, applying industry best practices
- Provision of recommendations to implement one or more GRC technology platforms functionally (e.g., MetricStream, Archer, Riskonnect)
- Designing, implementing, and/or assessing risk and compliance processes, understanding the systems implementation lifecycle pursuant to the business processes related to core internal audit, compliance, or risk management components. This may include industry-specific initiatives and/or configuring and implementing within the GRC technology environment
- Collaborating with systems integrators in developing business requirements and designs in technology implementations
- Adapting templates to meet the client's needs and/or required templates, identifying what portions of preexisting materials are applicable and what needs to be tailored
REQUIREMENTS
- Risk management, compliance management, and/or enterprise governance as it relates to how technologies can be and are leveraged throughout organizations' internal audit, risk, and compliance functions and processes, as well as the associated benefits that can be realized
- Financial, operational, and technology processes and/or controls related to internal audits or other risk and compliance monitoring and testing programs
- Leveraging knowledge of one or more compliance (SOX, HIPAA, DCAA, ISO 27001/27002, NIST 800 series, COBIT, PCI-DSS, ITIL) and/or risk (Enterprise, Operational) initiatives, especially related to using technology to meet the demands of the aforementioned initiatives
- Data Compliance
- Industry certification is needed
- Must have: strong understanding of CCPA, GDPR, and NYDFS compliance, and of information security standards such as ISO 27001/27002 and NIST 800-53
- Business development experience is a huge plus
- Cybersecurity is a plus
- Senior-level connections
WHAT WE OFFER
- Medical, Dental and Vision Insurance (Subsidized)
- Health Savings Account
- Flexible Spending Accounts (Healthcare, Dependent Care, Commuter)
- Short-Term and Long-Term Disability (Company Provided)
- Life and AD&D Insurance (Company Provided)
- Employee Assistance Program
- Unlimited access to LinkedIn learning solutions
- Matched 401(k) Retirement Savings Plan
- Paid Time Off
- Legal Plan and Identity Theft Protection
- Accident Insurance
- Employee Discounts
- Pet Insurance