Associate Analyst, IT Security & Governance, GRC

Allied World Insurance, Farmington, CT

About The Position

The Governance Analyst will be responsible for monitoring and ensuring compliance with policies that align with internal frameworks and external regulatory requirements. This role requires strong knowledge of cybersecurity and enterprise frameworks (e.g., NIST, COBIT, CIS) and the ability to translate complex regulatory requirements into clear, actionable policies. The ideal candidate will collaborate with cross-functional teams to ensure policies drive compliance, governance maturity, and operational resilience. A strong understanding of organizational processes and compliance requirements is key for this role.

Requirements

  • Bachelor's degree in Cybersecurity, Information Technology, Business Administration, or a related field.
  • 3 years of experience in governance, risk, and compliance (GRC) or a related role with a focus on policy development.
  • Strong understanding of cybersecurity and enterprise frameworks (e.g., NIST CSF, COBIT, CIS, ISO 27001).
  • Familiarity with regulatory requirements and standards such as DORA, GDPR, NIS2, or other relevant industry-specific regulations.
  • Knowledge of operational and cyber resilience principles.
  • Proven ability to write clear, concise, and actionable policies tailored to both technical and non-technical audiences.
  • Strong analytical skills to interpret regulatory requirements and framework controls.
  • Excellent verbal and written communication skills.
  • Ability to collaborate with cross-functional teams and stakeholders.
  • Proficiency in governance, risk, and compliance (GRC) tools is a plus.
  • Detail-oriented with a commitment to accuracy and quality.
  • Proactive and adaptable in responding to evolving regulatory landscapes.
  • Strong organizational skills with the ability to manage multiple priorities.
  • A collaborative mindset and willingness to engage with diverse teams.

Nice To Haves

  • Certifications such as Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Information Systems Security Professional (CISSP), or Certified in Governance of Enterprise IT (CGEIT).

Responsibilities

  • Control Assessment:
      • Conduct regular control assessments to identify and evaluate potential non-compliance with applicable frameworks.
      • Utilize frameworks such as NIST CSF 2.0 and CIS Version 8 as the basis for control reporting.
      • Proactively identify policy and program improvement areas from the control assessments to raise organizational maturity levels.
  • Control Reporting:
      • Ensure periodic testing and reporting of the operational and design effectiveness of IT controls.
      • Ensure reports are clear, concise, and actionable, providing insights into potential impact and recommended mitigation strategies.
  • Policy Compliance:
      • Collaborate with relevant stakeholders to monitor compliance (through automated and manual tests) with IT governance policies and procedures.
      • Ensure implemented processes and controls align with industry best practices and regulatory requirements.
  • Compliance and Framework Integration:
      • Ensure the organization's IT governance practices and control implementations comply with relevant frameworks, including:
          • NIST CSF 2.0 (National Institute of Standards and Technology Cybersecurity Framework): Focus on identifying, protecting, detecting, responding, and recovering from cybersecurity threats.
          • CIS Version 8 (Center for Internet Security): Implement critical security controls to defend against prevalent cyber threats.
          • Other control frameworks as applicable.
  • Automation:
      • Demonstrate a strong inclination to automate control validation processes to minimize manual effort.
      • Ensure constant effort to adopt automation mechanisms for control validation and process improvement.
  • Training and Awareness:
      • Develop and conduct training programs to raise awareness of IT governance and cyber risk management across the organization.
      • Ensure that all employees understand their roles in maintaining security and compliance.
  • Continuous Improvement:
      • Regularly review and update IT governance practices to reflect changes in the threat landscape and business environment.
      • Foster a culture of continuous improvement and proactive risk management.

Benefits

  • Health, Dental, and Disability Insurance
  • A company-match 401(k) plan
  • Group Term Life Insurance
© 2024 Teal Labs, Inc