Overview

“SENIOR GRC COMPLIANCE ANALYST”

POSITION SUMMARY

IMMEDIATE NEED for a highly motivated SENIOR INFORMATION SECURITY / GRC COMPLIANCE ANALYST to join an Information Security Governance, Risk, & Compliance (GRC) Team. The position will serve as the primary point of contact for all compliance efforts as well as the liaison to the internal IT Audit team. The ideal candidate will be self-motivated, with a passion for detail and a thorough understanding of local, state, and federal regulations as they relate to information security.

POSITION RESPONSIBILITIES

  • Partner with other members of the GRC Team to serve as a highly professional representative to both internal and external customers
  • Provide comprehensive risk assessments of business and technology sponsored projects and initiatives, including engagements with third parties.
  • Provide guidance regarding best practices, regulatory, and legal compliance (including SOX, PCI, CCPA & GDPR).
  • Use knowledge of information security standards and best practices to assist management in the creation of organization policies, standards, guidelines and processes.
  • Evaluate security controls for effectiveness and identify potential risks.
  • Establish and cultivate relationships by interacting with all levels of the organization to ensure activities are understood and completed appropriately.
  • Establish and cultivate relationships with both internal and external assessors who perform a range of activities including application assessments, penetration tests, SOC 404 Audits, and other reviews.
  • Establish and maintain documentation of assessments and controls.
  • Work with process owners to ensure that they understand risks and develop comprehensive remediation plans.
  • Initiate, facilitate, and promote activities designed to foster InfoSec awareness throughout the organization.
  • Monitor and report meaningful metrics on compliance with InfoSec policies, standards, guidelines, and processes.
  • Support, communicate and reinforce the mission, values, philosophy, and culture of the organization.

POSITION QUALIFICATIONS

“REQUIRED”

  • Bachelor’s Degree in Information Security, Information Assurance, Business Administration, Business Management, Computer Science, Information Technology, etc.
  • Demonstrated knowledge of information security discipline.
  • Minimum of seven (7) years of experience in information technology or business analysis, with at least three (3) years in the information security field.
  • In-depth knowledge and understanding of security controls as they relate to applicable regulations and frameworks (SOX, PCI, CCPA, GDPR, STIGS, NIST, ISO, etc.).
  • Demonstrated understanding of risk and compliance assessment methodologies.
  • Proven ability to take initiative, work independently, and effectively organize multiple workstreams.
  • Ability to build and maintain effective partnerships with internal and external customers.
  • High level of verbal and written communication skills, including translating technical details to business terms.
  • Strong analytical and problem-solving skills with the ability to think and react quickly.
  • Ability to learn quickly and take on new responsibilities as the team evolves.

“PREFERRED”

  • Experience working with or for a Big 4 accounting firm.
  • Experience performing information security reviews of third-party service providers.
  • Industry certifications such as CISA, CISSA, CISSP, CASP+, GSNA, GISP, GSTRT, GSLC, GLEG or similar.
  • Experience with ServiceNow GRC.
  • Project/Program management knowledge and experience.
  • Experience with software development, programming or scripting languages, or security testing of applications.
  • Knowledge of network-based services, DevOps, client/server applications, mobile applications, enterprise systems and infrastructure, network architecture, or security infrastructure.