Fast Facts

Exciting opportunity for a Governance and Compliance Analyst to lead cybersecurity governance programs and ensure compliance with security standards at Elsevier, a global leader in information and analytics.

Responsibilities: The analyst will design and implement cybersecurity governance frameworks, ensure compliance with laws and regulations, monitor internal policies, and collaborate with IT and legal teams.

Skills: Deep understanding of cybersecurity frameworks, risk management, compliance standards, advanced problem-solving, and strong communication skills.

Qualifications: Experience in cybersecurity governance frameworks like ISO 27001, regulatory compliance, and enterprise GRC programs; certifications like CISSP or CISM are preferred.

Location: Home based - Georgia, United States of America

Compensation: Not provided by employer. Typical compensation ranges for this position are between $90,000 - $130,000.

Are you looking to utilize your compliance and governance expertise as a critical member of our GRC team?

About the role: We are seeking an experienced Governance, Risk, and Compliance (GRC) Analyst to lead the development and implementation of our cybersecurity governance program and maintain compliance with our information security standards and frameworks. The successful candidate will have a deep understanding of cybersecurity frameworks, risk management, and compliance standards, and will work collaboratively with cross-functional teams to ensure alignment with business objectives and regulatory requirements.

About the team: This diverse team is ensuring that the GRC policy landscape is being adhered to and ensuring that all necessary protections are in place.

Key Responsibilities: 

• Designing, implementing, and maintaining a comprehensive cybersecurity governance framework that aligns with industry’s best practices (e.g., ISO 27001, NIST, COBIT).
• Creating, reviewing, and updating cybersecurity policies and procedures to ensure compliance with applicable laws and regulations.
• Monitoring compliance with internal policies and external regulations and prepare for audits and assessments.
• Establishing enterprise level security governance structure, charters, participants and roles, and perform periodic role reviews to ensure appropriate accountability is maintained. 
• Working closely with IT, legal, and business units to ensure cybersecurity governance initiatives are integrated into overall business processes.
• Driving security-related certification efforts such as ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 42001, FedRamp, StateRamp, TX Ramp, HIPAA, PCI, etc.  Drive communication and upwards reporting of the highest risk initiatives to Director of GRC, VP GRC and other key stakeholders. Generate regular reporting including KPIs, metrics and SLAs reporting, executive reporting, and other ad hoc reporting as required by management. 
• Responsible for resolution of cybersecurity GRC issues. 
• Serving as a trusted advisor to the business and technology stakeholders across the enterprise to partner on security issues and stay aligned on common goals.   

Requirements:

• Experience designing, implementing, and maintaining a comprehensive cybersecurity governance framework that aligns with industry best practices (e.g., ISO 27001, NIST, COBIT).
• Experiencing creating, reviewing and updating cybersecurity policies and procedures to ensure compliance with applicable laws and regulations.
• Experience implementing cybersecurity and compliance related frameworks such as ISO 27001, ISO 27701, ISO 27017, ISO 27018, ISO 42001, FedRamp, StateRamp, TX Ramp, HIPAA, PCI, etc.  
• Experience managing an enterprise cybersecurity GRC program. Experience in defining cybersecurity controls, particularly related to regulatory, legislative, and industry specific compliance requirements.
• Ability to develop and implement security programs. 
• Advanced problem-solving experience involving leading teams in identifying, researching, and coordinating the resources necessary to effectively troubleshoot/diagnose complex project issues; prior success extracting/translating findings into alternatives/solutions; and identifying risks/impacts and schedule adjustments to facilitate management decision-making.
• Advanced communication (verbal and written) and customer service skills. Strong interpersonal, communication, and presentation skills applicable to a wide audience including senior and executive management, customers, etc., including diction/terminology and presenting information in a concise and effective manner to clients, management, and various departments using assorted communication mediums.
• Excellent stakeholder management skills. Ability to cultivate and maintain solid relationships with key stakeholders across organizational teams and third-party suppliers.

Helpful Licensing/Certifications

• Certified Information System Security Professional (CISSP)  
• Certified Information Security Manager (CISM) 
• Certified Information Systems Auditor (CISA)

Work in a way that works for you

 We promote a healthy work/life balance across the organization. We offer an appealing working prospect for our people. With numerous wellbeing initiatives, shared parental leave, study assistance and sabbaticals, we will help you meet your immediate responsibilities and your long-term goals.

• Working flexible hours - flexing the times when you work in the day to help you fit everything in and work when you are the most productive.

Working for you

We know that your wellbeing and happiness are key to a long and successful career. These are some of the benefits we are delighted to offer:

- Health Benefits: Comprehensive, multi-carrier program for medical, dental and vision benefits

- Retirement Benefits: 401(k) with match and an Employee Share Purchase Plan

- Wellbeing: Wellness platform with incentives, Headspace app subscription, Employee Assistance and Time-off Programs

- Short-and-Long Term Disability, Life and Accidental Death Insurance, Critical Illness, and Hospital Indemnity

- Family Benefits, including bonding and family care leaves, adoption and surrogacy benefits

- Health Savings, Health Care, Dependent Care and Commuter Spending Accounts

- Up to two days of paid leave each to participate in Employee Resource Groups and to volunteer with your charity of choice

About the Business

A global leader in information and analytics, we help researchers and healthcare professionals advance science and improve health outcomes for the benefit of society. Building on our publishing heritage, we combine quality information and vast data sets with analytics to support visionary science and research, health education and interactive learning, as well as exceptional healthcare and clinical practice. At Elsevier, your work contributes to the world’s grand challenges and a more sustainable future. We harness innovative technologies to support science and healthcare to partner for a better world.

-----------------------------------------------------------------------

Elsevier is an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law. We are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form: https://forms.office.com/r/eVgFxjLmAK , or please contact 1-855-833-5120.

Please read our Candidate Privacy Policy.