We believe in the power and joy of learning At Cengage Group, our employees have a direct impact in helping students around the world discover the power and joy of learning. We are bonded by our shared purpose - driving innovation that helps millions of learners improve their lives and achieve their dreams through education. Our culture values diversity, engagement, and discovery Our business is driven by our strong culture, and we know that creating an inclusive and diverse workplace is absolutely crucial to the success of our company and our learners, as well as our individual well-being. We recognize the value of diverse perspectives in everything we do, and strive to ensure employees of all levels and backgrounds feel empowered to voice their ideas and bring their authentic selves to work. We achieve these priorities through inclusive programs, benefits, and initiatives that are integrated into the fabric of how we work every day. To learn more, please see https://www.cengagegroup.com/about/inclusion-and-diversity/ . The Global Technology Solutions (GTS) Governance, Risk, and Compliance (GRC) Analyst will assess, develop, and incorporate IT General Controls, regulatory frameworks, and IT Risk domains into the unified Cengage Compliance Framework (CCF) to help protect Cengage's IT infrastructure and key products and systems. This individual will partner with product and business functions to introduce core IT risk/compliance concepts and mitigate risk. They will conduct assessments in coordination with other GRC Analysts, IT control owners, and Department Leads to ensure risk and compliance initiatives align with the business risk tolerance and strategy. Requires knowledge of GRC concepts, Compliance frameworks such as NIST and SOC, and formal Risk program management as applied in the IT Audit industry. Risk reporting and relevant framework data will be regularly compiled and reviewed for reporting, remediation, exception management, and strategy with leadership. What you'll do here: + Grow Cengage's GRC Framework by integrating regulatory requirements and industry standards (e.g. NIST, Privacy by Design, PCI Compliance). This position will lead process development and maturation, conduct IT/process assessments, and facilitate management reporting. + Form relationships with teams throughout the company to ensure risks and IT Controls are adequately measured. + Communicate and designate formal Cengage GRC Frameworks for key areas of risk throughout the organization (financial systems, IT infrastructure, and more). + Act as a key resource to the GRC Analyst roles for ongoing work-product, IT Controls audits, and risk reviews. + Support other key initiatives as needed. Performance Metrics: Centralized risk and control performance reporting, including: remediation, exception tracking, and risk acceptance. Skills you will need here: + 2-3 years of experience in IT General Control and/or GRC Compliance functions in a large company. + Understanding of various IT Compliance frameworks. (COSO, NIST 800-53, ISO 27000, NIST 800-171, PCI, etc.) + Active participation in IT Audit engagements with 3rd party firms like PwC, EY, etc. + Understanding of Risk concepts and measurements. + Good interpersonal, presentation, and verbal/written communication skills. Preferred + Bachelor's degree in Cybersecurity, Systems Engineering, Computer Science, Information Systems Management, or equivalent technical training/certifications. + Has experience in SOX, PCI, or Federally based IT compliance programs, including IT control testing + Experience assessing both IT systems and business processes against common frameworks + Experience with ServiceNow, particularly GRC module. + Basic Developer and programming skills in common office toolsets (e.g. Excel, VBA, Word, and SQL based logic). Candidates located in the Eastern or Central time zones are preferred Cengage Group is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, veteran status, marital status, parental status, cultural background, organizational level, work styles, tenure and life experiences. Or for any other reason. You may view Cengage's EEO/Affirmative Action Policy signed by CEO Michael Hansen (https://p.widencdn.net/pdvq6j/EEO_Policy_Statement_January_2017) and Equal Employment Opportunity is the Law notice (http://embed.widencdn.net/pdf/plus/cengage/ybs5gt19ik/eeopost-merged.pdf) by visiting their corresponding links. Cengage Group is committed to providing reasonable accommodations for qualified individuals with disabilities in our job application procedures. If you need assistance or an accommodation due to a disability, you may contact us at accommodations.ta@cengage.com or you may call us at +1 (617) 289-7917. If you are a Colorado state resident, please email jobpostinginquiries@cengage.com to receive compensation information for this role. Please be sure to include this posting's job ID in the subject line of the email to help ensure a timely response. About Cengage Group Cengage Group, a global education technology company serving millions of learners, provides affordable, quality digital products and services that equip students with the skills and competencies needed to be job ready. For more than 100 years, we have enabled the power and joy of learning with trusted, engaging content, and now, integrated digital platforms. We serve the higher education, workforce skills, secondary education, English language teaching and research markets worldwide. Through our scalable technology, including MindTap and Cengage Unlimited, we support all learners who seek to improve their lives and achieve their dreams through education.
