72
companies
912
Jobs

GRC Analyst

Proxy

Proxy

IT
New York, NY, USA
Posted on Thursday, June 27, 2024

Our mission at Oura is to empower every person to own their inner potential. Our award-winning products help our global community gain a deeper knowledge of their readiness, activity, and sleep quality by using their Oura Ring and its connected app. We've helped 2.5 million people understand and improve their health by providing daily insights and practical steps to inspire healthy lifestyles.

Empowering the world starts with living our values and empowering our team. As a quickly growing company focused on helping people live healthier and happier lives, we ensure that our team members have what they need to do their best work — both in and out of the office.

We are looking for a Governance, Risk, and Compliance (GRC) Analyst to join our growing team. You will play a critical role in managing and improving our GRC activities, aligning them with our organization's strategic objectives.

What you will do:

  • Conduct and manage Vendor Risk Assessments (VRAs) [TPRM].
  • Conduct and manage Client Risk Assessments (CRAs) [Security Questionnaires].
  • Develop and implement Product Risk Assessments (PRAs).
  • Collaborate on GRC programs ensuring alignment with broader security strategy.
  • Review, create, and update policies and procedures to ensure compliance with relevant laws, regulations, and standards.
  • Manage our external audit program, including engaging necessary teams during audit periods.
  • Collaborate with internal stakeholders to improve our Business Continuity Plan (BCP), Continuity of Operations Plan (COOP), Business Impact Analysis (BIA), and Incident Response Plan (IRP).
  • Conduct User and Access Audits, assessing the effectiveness of our offboarding and Role-Based Access Control (RBAC) privilege provisioning processes.
  • Perform internal compliance audits, ensuring that we are measuring the efficacy of compliance activities in our security programs.

This is a remote US role with a slight preference for candidates based in the Eastern and Central time zones.