Job Summary
The Security GRC, Training, & Reporting Analyst will be responsible for enhancing Sorenson's security and data protection efforts by designing, configuring, and maintaining our security Governance, Risk, and Compliance (GRC) solution. This role is critical in measuring the effectiveness of data security and compliance practices, managing security risk, and providing data-driven insights to key stakeholders, including executive leadership and the Board. Additionally, this role leads the development, maintenance, and continuous improvement of our data protection / security awareness training programs to foster a strong security culture across the organization.
Essential Duties and Responsibilities
Enhance Sorenson's Security and Data protection efforts through GRC Platform Support & Security Metrics
- Design, configure, and maintain the organization's security GRC solution to support security governance, risk management and compliance initiatives.
- Establish dashboards and automated reporting mechanisms to provide real-time insights into security risk and compliance posture.
- Define, implement and manage GRC and Exception Management workflows, processes, and procedures to optimize efficiency and compliance.
- Crosswalk controls across multiple security compliance frameworks and regulations to foster adoption and identify gaps.
- Develop and maintain risk registers and execute basic risk assessment and management practices.
- Facilitate internal and external audits by ensuring GRC data integrity and efficient retrieval of audit evidence.
- Track compliance requirements and ensure timely reporting.
- Develop and maintain GRC documentation, playbooks, runbooks and automation to enhance data security, streamline processes and improve response times.
- Leverage industry frameworks to map controls, assess gaps and identify areas for improvement in security and data protection.
- Collaborate with security leadership to provide data-driven insights that inform security strategy and enhance data protection measures.
- Build integrations / APIs to third-party and internal Sorenson tools for effective data integration and process efficiency.
Security & Compliance Reporting
- Generate and present security reports for executive leadership and the Board, providing clear insights into risk, compliance, and security performance.
- Develop, track, and report key security performance indicators (KPIs) and key risk indicators (KRIs).
- Ensure alignment of reporting with regulatory and industry compliance frameworks (e.g., ISO 27001, SOC 2, NIST, PCI-DSS, GDPR).
- Collaborate with cross-functional teams to ensure consistent and accurate reporting of security data.
- Gather data from various systems and generate data analytics reports, dashboards and security-based metrics.
Security Awareness & Training Program
- Enhance our data protection program by developing and maintaining engaging security awareness training materials that incorporate interactive elements (e.g., quizzes, videos, real-world scenarios) to promote a strong security culture.
- Regularly review and update training content to address emerging security threats, vulnerabilities, and data protection best practices.
- Implement and manage phishing simulation and training exercises to assess and improve employee resilience to social engineering attacks.
- Provide feedback and additional training to employees who fall for phishing attempts.
- Track and report the effectiveness of phishing simulations and training exercises.
- Collaborate with HR/Learning Department and IT teams to ensure employees complete mandatory security training and monitor training effectiveness.
Risk & Compliance Support
- Assist in the development, review, and updating of security policies and procedures to strengthen data security, protections and compliance.
- Collaborate with security and risk teams to track and manage security control effectiveness.
Other duties as assigned.
Supervisory Responsibility
This position has no supervisory responsibilities.
Travel Requirements
Travel Requirements: Less than 25%
Education
Minimum 4 Year / Bachelor's Degree in related field
Minimum Certification: One or more of the following certifications: CISSP, CRISC, CISA, CISM or other equivalents
Experience
Minimum of 3 Years of experience
- Experience in GRC Administration, security reporting, or related roles
- Experience in Information Security with combinations in operational security, risk management, IT, Compliance and Audit or data analytics
- Experience in Data analytics, reporting, metrics
Minimum of 2 Years of experience
- Experience specific to Security Risk Management and Compliance programs, process and execution
- Experience in security awareness training program development and implementation
Knowledge, Skills, and Abilities
- Strong understanding of GRC frameworks (e.g., ISO 27001, SOC 2, NIST CSF, PCI-DSS, GDPR).
- Proficiency in data analytics and reporting tools (e.g., Power BI, Tableau, Excel, or Splunk).
- Ability to write solution workflow diagrams, system documentation, playbooks, etc.
- Strong ability to translate complex security data into executive-level reports and presentations.
- Excellent communication skills and ability to work with cross-functional teams.
- Prior experience auditing and performing quality control actions of audits.
- Experience in security awareness training program development and implementation.
- Experience with GRC platforms such as Archer, LogicGate, ServiceNow GRC, or similar tools.
- Strong analytical skills.
- Ability to work with others in both individual and team settings.
- Professional attitude and team player.
Disclaimer
This position has access to highly confidential, sensitive information relating to the employees, customers, and technologies of Sorenson Communications. It is essential that the applicant possess the requisite integrity to maintain the information in strictest confidence.
Come be a part of our mission and make a meaningful and positive impact with the industry-leading provider of language services for the Deaf and hard-of-hearing!
Benefits
- Paid Vacation Time and Paid Sick Time and Paid Holidays
- 401k 6% match with immediate vesting
- Nationwide Medical Insurance plans and coverage (Medical, Dental/Orthodontia, Vision)
- TeleDoc
- HSA company match
- 3 Medical plan options including a Low Deductible PPO Medical Plan Offering
- Employee Assistance Program
- Engaged Employee Resource Groups
- Outstanding Learning and Career Development Opportunities
Pay Range: Actual pay may vary up or down depending on job-related factors which may include knowledge, skills, experience, and location. In addition, this position may be eligible for incentive compensation.
* Applicants must be legally eligible to work in the United States to be considered. Visa sponsorship is not available for this role *
Company Summary
Our Mission...Harnessing the power of language, we connect diverse people and enrich the human experience.
Our Vision...To provide global language services that expand opportunities, nurture belonging, and empower the world to connect beyond words.
As one of the world's leading language services providers, Sorenson combines patented technology with human-centric solutions. We strive to increase accessibility and inclusion through communication solutions for all: call captioning and video relay services, over-video and in-person sign language and spoken language interpreting, translation, real-time captioning, and post-production language services. Sorenson's impact vision and plan extends to enhancing generational wealth and inclusive workplaces for our employees and the communities we serve.
We achieve great things together working "The Sorenson Way" with our employee values: Customer First, Can-Do Attitude, Collective Action, Growth Mindset, Ownership, and Connect Direct.
Equal Employment Opportunity:
Sorenson Communications is an Equal Opportunity, Affirmative Action Employer.