GRC Technical Writer

GRC Technical Writer

Department: Technical

Employment Type: Full Time

Location: USA, Remote

Description

About us
We are Digital Science and we are advancing the research ecosystem. We are a pioneering technology company, and our vision is of a future where a trusted and collaborative research ecosystem drives progress for all. We believe in better, open, collaborative and inclusive research. In creating the next generation of tools and working in partnership with the community we tackle some of the biggest challenges to research. In order to achieve our vision, we need innovative, inspiring and dynamic people to join our team. Want to join us?

Your new role
As our GRC Technical writer, you will be part of our Information Security team, overseeing our Governance, Risk and Compliance documentation. This role partners with several areas of Digital Science and adds value through contributing to a robust compliance framework to meet our ever evolving compliance requirements. You will be a member of a new sub-team, primarily responsible for the delivery and maintenance of compliance specific to large, US (Federal) customers with enhanced security and privacy requirements alongside providing support to the wider organization. This is a very important role which requires a high standard of communication and stakeholder management. 
This role (due to Federal requirements) can only be satisfied by a “US citizen, US national, or US person” and additional checks may be required.

What you’ll be doing

• Work with the stakeholders from across the group, our customer-base and third-party vendors/partners, to embed and enhance InfoSec compliance for products, services and business units under your purview. 
• Writing, reviewing and updating information security policies, procedures, standards and guidelines spanning across several frameworks including FedRAMP, NIST and ISO 27001 primarily. 
• Managing and maintaining a documentation inventory using existing GRC tool(s).
• Assist in drafting responses to risk assessments and where appropriate, audit responses and security questionnaires.
• Advising on the implementation of security controls, risk frameworks and alignment with regulatory and compliance frameworks.
• Assist in auditing controls across multiple security frameworks to identify gaps
• Collaborate with subject matter experts across the organization as a bridge between technical and infosec functions.
• Provide customers and auditors with documentation relating to security assessments and audits.
• Reporting to CISO, Deputy CISO, senior management and stakeholders in order to understand the performance of the system.

What you’ll bring to the role

• You will have a demonstrable track record in GRC technical writing and tooling (Ideally utilizing Hyperproof or similar)
• You have significant, expert, professional experience in Information Security Compliance with demonstrable expertise spanning several frameworks simultaneously e.g. FedRAMP (to at least ‘moderate’ level), DoD IL4 and NIST-800 (53 and 218 at a minimum).
• You have parallel knowledge of ISO/IEC 27001 and 27701 in order to compare, contrast and advise on meeting requirements and controls required to achieve and maintain FedRAMP compliance. 
• You will have successfully contributed to a FedRAMP implementation programme utilizing consultants, third-parties and internal resources. 
• You’re highly organized and have the ability to work on intricate details without losing the big picture
• You’ll be a strong communicator and comfortable communicating with people at all organizational levels and leading conversations around recommendations for improvements 
• You have a collaborative approach to how you work and ensure all groups are communicated with and understand your process and approach 
• You’re a self learner and have an inquisitive mind 
• You’re resourceful and solutions focussed, making practical considerations for all groups involved 
• You’re a natural problem solver and have strong analytical skills 
• Bachelor degree in English, Technical Communication, Information Systems or a Cyber Security related field, and/or equivalent Information Security related certifications.

Living our Values

We invest in, nurture and support innovative businesses and technologies that make all parts of the research process more open, efficient and effective. 
The talent we secure is fundamental to us achieving our vision and our growth plans. The values we live by are:
We are brave in the pursuit of better We are collaborative and inclusive We are always open-minded We are from and for the community 

We're an equal opportunity employer. All applicants will be considered for employment without attention to race, colour, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status

Additional Information

Please note that, in light of vaccination mandates for US Government contractors, Digital Science requires that all US-based employees are fully vaccinated against COVID-19, subject to approved accommodations.