“SENIOR GRC COMPLIANCE ANALYST”
IMMEDIATE NEED for a highly motivated SENIOR INFORMATION SECURITY / GRC COMPLIANCE ANALYST to join an Information Security Governance, Risk, & Compliance (GRC) Team. The position will serve as the primary point of contact for all compliance efforts and as the liaison to the internal IT Audit team. The ideal candidate will be self-motivated, with a passion for detail and a thorough understanding of local, state, and federal regulations as they relate to information security.
- Partner with other members of the GRC Team to serve as a highly professional representative to both internal and external customers
- Provide comprehensive risk assessments of business and technology sponsored projects and initiatives, including engagements with third parties.
- Provide guidance regarding best practices, regulatory, and legal compliance (including SOX, PCI, CCPA & GDPR).
- Use knowledge of information security standards and best practices to assist management in the creation of organization policies, standards, guidelines and processes.
- Evaluate security controls for effectiveness and identify potential risks.
- Establish and cultivate relationships by interacting with all levels of the organization to ensure activities are understood and completed appropriately.
- Establish and cultivate relationships with both internal and external assessors who perform a range of activities including application assessments, penetration tests, SOC 404 Audits, and other reviews.
- Establish and maintain documentation of assessments and controls.
- Work with process owners to ensure that they understand risks and develop comprehensive remediation plans.
- Initiate, facilitate, and promote activities designed to foster InfoSec awareness throughout the organization.
- Monitor and report meaningful metrics on compliance with InfoSec policies, standards, guidelines, and processes.
- Support, communicate and reinforce the mission, values, philosophy, and culture of the organization.
- Bachelor’s Degree in Information Security, Information Assurance, Business Administration, Business Management, Computer Science, Information Technology, etc.
- Demonstrated knowledge of information security discipline.
- Minimum of seven (7) years of experience in information technology or business analysis, with at least three (3) years in the information security field.
- In-depth knowledge and understanding of security controls as they relate to applicable regulations and frameworks (SOX, PCI, CCPA, GDPR, STIGS, NIST, ISO, etc.).
- Demonstrated understanding of risk and compliance assessment methodologies.
- Proven ability to take initiative, work independently, and effectively organize multiple workstreams.
- Ability to build and maintain effective partnerships with internal and external customers.
- High level of verbal and written communication skills, including translating technical details to business terms.
- Strong analytical and problem-solving skills with the ability to think and react quickly.
- Ability to learn quickly and take on new responsibilities as the team evolves.
- Experience working with or for a Big 4 accounting firm.
- Experience performing information security reviews of third-party service providers.
- Industry certifications such as CISA, CISSA, CISSP, CASP+, GSNA, GISP, GSTRT, GSLC, GLEG or similar.
- Experience with ServiceNow GRC.
- Project/Program management knowledge and experience.
- Experience with software development, programming or scripting languages, or security testing of applications.
- Knowledge of network-based services, DevOps, client/server applications, mobile applications, enterprise systems and infrastructure, network architecture, or security infrastructure.