GRC Analyst (Regulatory Audits)

About The Position

Requirements

• Bachelor’s degree in business or technology related fields and three years’ experience in information security, risk management, audit, or compliance; or an equivalent combination of education and experience.
• Knowledge of basic cybersecurity principles.
• Knowledge and understanding of NIST 800-171 and NIST 800-53 frameworks.
• Ability to apply an organization's goals and objectives to develop and maintain architecture.
• Proficiency with business collaboration tools such as Office applications.
• Demonstrates attention to detail.
• Effective organizational and time/task management skills.
• Ability to prioritize responsibilities and to operate with changing priorities; Strong ability to exercise independent judgment.
• Self-starter with the ability to perform with little or no direct supervision.
• Excellent communication skills in working with technical and non-technical people and the ability to develop and maintain collaborative relations among all levels of an organization.
• Treats people with respect; works with integrity and ethically; upholds organizational values.
• Follows policies and procedures; Completes administrative tasks correctly and on time; Supports organization's goals and values.
• Demonstrates accuracy and thoroughness; Looks for ways to improve and promote quality; Applies feedback to improve performance; Monitors own work to ensure quality.

Nice To Haves

• Knowledge or experience with data privacy laws, CJIS, CMMC or other similar regulations preferred but not required.

Responsibilities

• Understand and maintain proficiency with NIST 800-171, NIST 800-53, NIST Cybersecurity Framework (CSF) and Service Organization Controls (SOC) 2 for Service Organizations: Trust Services Criteria including updates, organizational impacts, and practical use.
• Conduct internal control audits and monitoring of security controls, configuration standards, and procedures.
• Provide management with reporting results and metrics. Track remediation efforts and provide guidance regarding process and control gaps.
• Implement new processes and procedures to align with control frameworks.
• Perform recurring risk analysis on vendors, audit results, vulnerability testing and security assessments to identify security issues that could lead to compromised systems, loss of integrity, and/or disruption of availability.
• Assist with and participate in Security Policy, Business Continuity Plan, Disaster Recovery Plan, and Incident Response Plan updates, testing, remediation, and planning.
• Ensure the documents align with industry standards and business process changes.
• Interface with customers to prepare information request responses regarding our policies, procedures, compliance standards, environment, etc.
• Maintain control and risk registers and provide guidance to owners.
• Assist with the creation and administration of security awareness programs and educational efforts. Track employee compliance with issued programs.
• Compile data and prepare reports for management, security leadership team, and security team.
• Accurately maintain and comply with documentation, communication, time entry, and administrative procedures in a timely manner.