GRC Analyst II
Listed on 2026-03-11
IT/Tech
Cybersecurity, Information Security
Description
Konami Gaming is looking for a GRC Analyst II to join our team!
This position plays a key role in supporting the organization’s Governance, Risk, and Compliance (GRC) initiatives, with a focus on adherence to ISO/IEC 27001 control standards and the effective design and operation of General IT Controls (GITC).
This individual is responsible for coordinating risk assessments, maintaining control frameworks and related policies, supporting internal and external audits, and monitoring the implementation of corrective actions. They must work effectively with auditors and business stakeholders across the organization to ensure the confidentiality, integrity, and availability of systems and data through structured control practices and continuous improvement recommendations.
In addition, the role contributes to the development and ongoing management of the organization’s Business Continuity Planning (BCP) program, including risk-based scenario planning, recovery strategies, and continuity testing activities.
The ideal candidate will have a strong understanding of ISO 27001 requirements, IT governance practices, and risk-based control monitoring in regulated environments.
What you’ll be doing:
Governance, Risk, and Compliance Program Execution
- Support the implementation and ongoing maintenance of the organization’s GRC framework aligned with ISO/IEC 27001.
- Assist in maintaining the Information Security Management System (ISMS), including risk treatment plans and Statement of Applicability (SoA) documentation.
- Perform regular reviews and updates to security policies, standards, and procedures to ensure alignment with ISO requirements and best practices.
- Conduct periodic information security and IT risk assessments, including evaluation of threats, vulnerabilities, and control effectiveness.
- Support the identification, documentation, and tracking of risks, control gaps, and associated remediation activities.
- Collaborate with business and IT teams to ensure risk mitigation strategies are appropriate and effectively implemented.
- Assist in the evaluation, documentation, and testing of key IT general controls (e.g., access management, change management, backup and recovery, logical security).
- Coordinate with control owners to ensure GITC design and operating effectiveness meets internal and external audit expectations.
- Support continuous monitoring of IT controls to ensure consistency, audit readiness, and timely remediation of deficiencies.
- Prepare evidence, respond to inquiries, and support walkthroughs for internal audits, external audits, and ISO 27001 surveillance or certification assessments.
- Track and report on audit findings and corrective action plans to ensure timely resolution and closure.
- Maintain organized and accurate audit documentation and audit trail records.
- Generate compliance dashboards, risk registers, and management reports to provide visibility into security and compliance posture.
- Develop and maintain control testing schedules, evidence repositories, and compliance checklists.
- Monitor for changes in regulatory or certification requirements and assess the impact on current compliance obligations.
- Collaborate with IT, security, legal, and business units to facilitate control implementation and awareness.
- Provide input into awareness training related to policies, risk management practices, and control obligations.
- Participate in cross-functional initiatives to embed governance and compliance requirements into enterprise processes.
- Recommend enhancements to the GRC program based on audit outcomes, control testing, and emerging threats or regulatory developments.
- Support initiatives to automate evidence collection, control testing, and reporting through GRC tools or platforms.
- Stay current with industry trends, ISO updates, and compliance frameworks relevant to the organization’s risk environment.
- All other duties as assigned.
- Competitive Wages
- Great 401(k) plan with company match
- Comprehensive health…