Data Security Analyst

About The Position

Requirements

• Bachelor’s degree in computer science required (Good to have Information Security, IT, Compliance, or related field)
• 1 year computer management or networking field, including some in information security required
• 2–5 years of experience in GRC, compliance, or security roles is preferred.
• Familiarity with NIST frameworks, HIPAA Security Rule requirements, and risk methodologies is preferred.
• Experience with ServiceNow GRC or similar platforms is a plus.
• Strong analytical, communication, and documentation skills is preferred.

Responsibilities

• GRC Ticket Review & Risk Analysis
• Review, triage, and analyze GRC-related ServiceNow tickets.
• Identify and document risks, impacts, and business justifications.
• Draft clear and complete responses for requestors and stakeholders.
• Communicate updates, escalations, and decisions to leaders and service owners.
• Security Exception Management
• Review and evaluate security exception requests to policies and standards.
• Determine impact and likelihood using approved methodologies.
• Document risk statements, compensating controls, and accountability expectations.
• Prepare and communicate risk acceptance recommendations to leadership.
• Analyze threats, vulnerabilities, likelihood, and impact to determine overall exposure.
• Draft risk assessment summaries, recommendations, and mitigation strategies.
• Maintain supporting documentation for audit and compliance review.
• Policy & Procedure Governance
• Facilitate drafting, review, approval, and annual refresh of policies and procedures.
• Maintain version control, ensure revisions are documented, and produce finalized clean versions.
• Coordinate with policy owners to ensure alignment with internal standards and regulatory requirements.
• Regulatory & Framework Alignment
• Interpret and apply NIST, HIPAA, and organizational control requirements.
• Ensure assessments and documentation reflect regulatory and framework expectations.
• Provide guidance on compliance requirements to stakeholders across the organization.
• Knowledge Management
• Update and maintain Security Knowledge Articles within ServiceNow.
• Ensure articles are accurate, current, and accessible to users.
• Collaborate with subject matter experts to identify and close knowledge gaps.
• Operational Support & Ad-Hoc Assignments
• Assist in audit preparation, compliance reporting, and evidence collection.
• Support continuous improvement initiatives within the GRC program.
• Respond to daily and ad-hoc requests from leadership and internal partners.
• Participate in team meetings, special projects, and GRC initiatives.
• Performance Expectations Quality & Accuracy
• Produces high-quality, complete, and well-organized risk analyses, assessments, and documentation.
• Ensures all work aligns with NIST, HIPAA, and internal policy requirements.
• Timeliness
• Responds to ServiceNow tickets within defined SLAs.
• Delivers assessments and documentation by established deadlines.
• Communicates proactively regarding delays or issues.
• Risk Judgment & Critical Thinking
• Applies consistent, well-justified risk ratings and identifies mitigation opportunities.
• Escalates high-risk items appropriately and collaborates effectively on resolutions.
• Communication & Collaboration
• Drafts clear, professional communications for leaders, technical teams, and business owners.
• Works collaboratively across departments to resolve issues and drive outcomes.
• Process Ownership
• Maintains updated knowledge articles, accurate documentation, and organized tracking.
• Demonstrates strong ownership of assigned GRC processes and tasks.
• Professionalism & Reliability
• Maintains confidentiality and handles sensitive information responsibly.
• Consistently meets expectations with minimal rework and limited supervision.
• Adaptability & Initiative
• Responds effectively to shifting priorities and ad-hoc needs.
• Demonstrates initiative by identifying risks early and suggesting process improvements.