**Compliance, Risk Management, and Governance Specialist**
The Compliance, Risk Management, and Governance Specialist will play a crucial role in supporting the integration of new systems into Drata, facilitating audit evidence collection, assisting with risk assessment activities, tracking and reporting on the risk register, and aiding in the annual policy reviews and data retention policy documentation. This mid-level specialist will collaborate closely with the Compliance, Risk Management, and Governance teams to ensure adherence to compliance standards, mitigate risks, and maintain effective governance practices within the organization.
**Key Responsibilities**:
**Compliance**:
- Perform day-to-day monitoring of the data platform.
- Escalating any changes in evidence collection testing status (e.g., tests starting to fail)
- Assist in connecting and integrating new systems into Drata, ensuring compliance requirements are met throughout the integration process.
- Facilitate the collection of audit evidence from Ascend or non-integrated systems, ensuring comprehensive and accurate documentation.
- **Risk Management**:
- Assist with completing client security questionnaires.
- Assist with performing Client´s vendor security reviews level.
- Support risk assessment activities by collaborating with stakeholders to identify, evaluate, and prioritize potential risks.
- Track and report on the risk register, ensuring risks are properly documented, monitored, and escalated when necessary.
- **Governance**:
- Assist in performing annual policy reviews, ensuring policies are reviewed, updated, and aligned with regulatory requirements.
- Collaborate with stakeholders to identify, document, and communicate data retention policies.
- **Qualifications and Skills**:
- Bachelor's degree in a relevant field (e.g., Business Administration, Compliance, Risk Management) or equivalent practical experience.
- High Proficiency in English. **(must)**:
- Proven experience in compliance and risk management roles.
- Strong understanding of relevant regulations and standards pertaining to data privacy, security, and compliance (e.g., GDPR, HIPAA, ISO 27001).
- Familiarity with evidence collection testing and monitoring processes.
- Excellent attention to detail and analytical skills, with the ability to identify and escalate potential compliance and risk issues.
- Strong communication skills, both written and verbal, with the ability to effectively collaborate and build relationships with internal and external stakeholders.
- Ability to multitask and prioritize work effectively in a fast-paced environment.
- Proficiency in using compliance and risk management tools and software.
- Professional certifications in compliance or risk management (e.g., Certified Compliance Professional, Certified Risk Manager) are a plus.