Governance Risk & Compliance Analyst

Requisition #: 19957
Functional Area: Audit/Risk/Compliance
Employment Type: Full-Time
Work Options: In Office / Partial Remote from Neenah/Appleton/Oshkosh area #LI-Hybrid
Work Hours: 8-430pm CST

Position Summary

J. J. Keller is looking for a Governance, Risk & Compliance Analyst to join our Technology Solutions team! This position will support the implementation and maintenance of governance, risk and compliance processes that will protect client data and system integrity for our Technology Solutions team.

This role will work a weekly hybrid schedule of 3 days in our Corporate Office in Neenah, WI and 2 days work from home.

Position Summary

• Jean-friendly environment, every day of the week!
• Café that offers breakfast, lunch and multiple a la carte items
• FREE access to our onsite Fitness Center, Yoga Studio and a fully paid online Fitness Subscription
• FREE access to our J. J. Keller Wellness Center, with access to some prescriptions at no cost
• Near 1-mile-long walking trail that wraps around the campus
• Multiple collaboration stations

• Works with business unit leaders to develop and maintain ISO, SOC, and other related security controls. Continuously improves the framework, methodology, standards, and system of internal controls.
• Conducts internal audits of controls to assess compliance with data security and privacy policies, procedures, standards, and/or regulations.
• Develops and performs tests to evaluate the design and effectiveness of key controls necessary for compliance.
• Reviews test findings, identifies control weaknesses, presents results, and recommends remediation actions.
• Supports issue management, risk acceptances, and corrective action plans.
• Supports corporate audits (internal and external) by fulfilling requests for documentation and participating in audit meetings. Reports on findings, tracks status, and ensures corrective actions are complete and sustainable.
• Assists with preparing and maintaining Business Impact Analysis documents for the business unit. Supports risk identification & assessment, response & mitigation, control monitoring & reporting.
• Coordinates disaster recovery testing for the business unit. Participates in corporate disaster recovery and business continuity assessments/activities.
• Performs security and compliance assessments on new and existing systems, processes, and technology.
• Assists with the preparation of data security questionnaires from customers.
• Monitors system maintenance, upgrades, and end-of-life timelines. Coordinates appropriate activities to remove expired systems from documentation and servers.
• Supports vendor audit/maintenance process and helps lead and define overall third-party risk management efforts.

• 3+ years' analyst experience in risk management or information security.
• ISO 27001 experience with the 2013 standard required.
• ISO 27001 experience with the 2022 standard desirable.

• Bachelor's Degree in a business related field, preferably information security.

• Knowledge of information security, disaster recovery and business continuity planning.
• Ability to interpret technical documentation into system overview documents.
• Effective in working across organizational boundaries.
• Strong ability to work independently and meet deadlines.
• High attention to detail and strong analytical skills.

• Medical / Dental / Vision Insurance
• Annual Reviews, Merit Increases + Quarterly Bonus Program
• 401(k) with Employer Match + Annual Profit Sharing
• 17 PTO Days + 8 Paid Company Holidays + 1 Paid Floating Holiday
• Work/Life Balance & Flex Time
• Annual Learning & Development Subscriptions
• Free Onsite Wellness Clinic
• Free Onsite Fitness Center
• Strong company culture that fosters internal growth and development