

Jobs via Dice
GRC Analyst
Featured Role | Apply direct with Data Freelance Hub
This role is for a GRC Analyst with a 6-month contract, offering a pay rate of "unknown." Located in Dallas, TX, it requires 5+ years of GRC experience, expertise in GDPR and Microsoft Purview, and relevant certifications like CISA or CISSP.
Country: United States
Currency: $ USD
Day rate: Unknown
Date: January 20, 2026
Duration: Unknown
Location: On-site
Contract: Unknown
Security: Unknown
Location detailed: Addison, TX
Skills detailed:
#Data Governance #Data Loss Prevention #Data Mapping #Documentation #Licensing #Compliance #GDPR (General Data Protection Regulation) #Cloud #Leadership #Classification #Cybersecurity #Monitoring #Data Privacy #Security
Role description
Dice is the leading career destination for tech experts at every stage of their careers. Our client, Concero, is seeking the following. Apply via Dice today!
Position Summary
The GRC Analyst is responsible for implementing and maintaining the Company's governance, risk, and compliance (GRC) program, with a focus on global data privacy regulations and information security frameworks. This role ensures CECO Environmental's compliance with GDPR, CCPA, PIPL, PIPEDA, and other relevant privacy regulations, while managing compliance activities through Microsoft Purview and related tools. The GRC Analyst will conduct risk assessments, manage compliance documentation, and collaborate with business units to embed privacy and security practices across the organization. May assist with IT due diligence efforts in M&A activities relative to compliance, regulatory requirements, and development of risk mitigation plans.
Key Responsibilities
• Works as the primary subject matter expert on Microsoft Purview within the company, including data classification, retention policies, information protection, and compliance management.
• Manage and maintain compliance with global data privacy regulations including GDPR, CCPA, PIPL, PIPEDA, and other applicable data protection laws.
• Implement and administer data governance policies, data loss prevention (DLP) strategies, and information rights management using Microsoft Purview.
• Conduct regular risk assessments, control evaluations, and compliance audits to identify gaps and recommend remediation activities.
• Develop, maintain, and update compliance documentation including policies, procedures, standards, and guidelines aligned with regulatory requirements and industry best practices.
• Monitor regulatory changes and assess impact on the organization; provide guidance on compliance requirements to stakeholders.
• Coordinate and support internal and external audits, including evidence collection, response preparation, and remediation tracking.
• Develop and deliver privacy and security awareness training programs for employees and stakeholders.
• Manage data subject rights requests (DSRs) and privacy incidents, ensuring timely and compliant responses.
• Collaborate with IT, Legal, HR, and business units to ensure privacy-by-design principles are incorporated into systems, processes, and initiatives.
• Maintain vendor risk management program, including third-party assessments and ongoing monitoring of security and compliance practices.
• Generate compliance metrics, dashboards, and reports for leadership and regulatory bodies as required.
• This job description represents only the primary areas of responsibility; specific position assignments will vary depending on the needs of the department.
• To perform the job successfully, an individual must be able to execute each essential duty satisfactorily. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Qualifications
• A bachelor's degree in Information Systems, Business Administration, Cybersecurity, Legal Studies, or a related field.
• 5+ years of experience in GRC, compliance, data privacy, or information security; or an equivalent combination of education and experience sufficient to successfully perform the essential duties of the job such as those listed above.
• Prior experience in the commercial industrial manufacturing industry is helpful.
Travel Requirements (Requirement): Occasional travel may be required, as necessary; must have ability to travel across borders.
LICENSING/CERTIFICATIONS:
CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control), CISSP, CIPM (Certified Information Privacy Manager), CIPP (Certified Information Privacy Professional), or other relevant certifications strongly preferred.
KNOWLEDGE:
• At least 5 years of experience in GRC, with demonstrated expertise in global data privacy regulations (GDPR, CCPA, PIPL, PIPEDA) and information security frameworks (ISO 27001, NIST, SOC 2).
• Extensive hands-on experience with Microsoft Purview, including information protection, data classification, retention policies, DLP, and compliance management features.
• Strong understanding of privacy principles, data protection requirements, and regulatory compliance obligations across multiple jurisdictions.
• Experience with risk assessment methodologies, control frameworks (COBIT, COSO), and audit management processes.
• Knowledge of vendor risk management, third-party security assessments, and contract compliance requirements.
• Understanding of IT infrastructure and security controls in hybrid environments (on-premises and cloud).
• Familiarity with data mapping, data flow analysis, and privacy impact assessments (PIAs).
SKILL IN:
• Meticulous eye for detail and accuracy in compliance documentation and assessments.
• Exercising confidentiality, discretion, and sound judgment when handling sensitive information.
• Ability to work on multiple tasks and projects simultaneously and balance conflicting demands.
• Relationship building and effective interpersonal interactions. Demonstrating cultural sensitivity to the needs of culturally diverse colleagues.
• Critical thinking - Uses logic and reasoning to identify the strengths and weaknesses of alternative solutions, conclusions, or approaches to problems.
• Judgment and Decision Making - Considering the relative costs and benefits of potential actions to choose the most appropriate one.
• Speaking - Talking to others to convey information effectively.
• Writing - Communicating effectively in writing as appropriate for the needs of the audience, including creating clear and comprehensive compliance documentation.
ADA Requirements:
Office Positions
Work Environment: This position is based at the headquarters located in Dallas, TX. Minimal physical requirements, primarily computer use, and communication via virtual platforms, are necessary. Flexibility to adapt to occasional scheduled video meetings and collaborative tasks is essential.
Physical Demands
Positions in this function typically require standing, climbing, balancing, stooping, kneeling, crouching, crawling, reaching, standing, walking, pushing, pulling, lifting, fingering, grasping, feeling, talking, hearing, seeing and repetitive motions.
Concentrated mental and/or visual attention. The work involves performing complex tasks to very close accuracy and quality specifications, or a high degree of hand and eye coordination for sustained periods. Compliance with company attendance standards.
The job is typically performed under comfortable working conditions; any disagreeable elements are generally absent during normal performance of job.
Compliance with company attendance standards.
Sedentary Work: Exerting up to 10 pounds of force occasionally and/or a negligible amount of force frequently or constantly to lift, carry, push, pull or otherwise move objects, including the human body. Sedentary work involves sitting most of the time. Jobs are sedentary if walking and standing are required only occasionally, and all other sedentary criteria are met.






