GRC Analyst

About The Position

Requirements

• Deadline driver, detail-oriented, focus on efficiency and process improvement.
• Ability to explain technical jargon in simplified terms.
• Degree in Information Technology or equivalent experience in the technical field.
• 2-3 years of relevant experience
• Fundamental knowledge of basic IT concepts, technologies, practices like: DNS, DHCP, RMM, MDM, SIEM, AD/DC, BCDR, SSO, IAM, and DLP
• Knowledge of IT Security frameworks including but not limited to: ISO 27001, NIST, CIS, etc.

Responsibilities

• Serve on a team responsible for being the point of contact for IT-related audits, including external and internal audits
• Assist with developing and implementing application security and privacy policies, standards, and educational efforts.
• Actively review ISMS and PIMS policies, standards, procedures, and guidelines
• Work with stakeholders and subject matter experts on the maintenance and development of ISMS and PIMS policies, standards, procedures, and guidelines
• Research privacy-related topics to enhance department privacy efforts.
• Provide input to the information security awareness, training, and education program.
• Perform IT control assessments/reviews
• Assist in maintaining and improving ISMS and PIMS compliance frameworks.
• Work with external auditors as required/needed
• Perform administrative document management duties
• Provide compliance-related requirements for significant changes in the organization.
• Gather, analyze, and evaluate risk and risk-related data.
• Develop and maintain positive relationships with the technology department, stakeholders, and customers
• Responsible for identifying control deficiencies and communicating the drawbacks to the Control Owner
• Managing and establishing vendor management vetting process
• Establishing and managing proper BC/DR testing
• Implementation and monitoring of technical safeguards
• Assist in rolling out cyber-related technical controls
• Assists in the configuration and management of cyber-related systems
• SSO, MDM, RMM, Device Patching, Vulnerability Scanners, AD/DC, IAM, and DLP

Benefits

• Hybrid work schedule
• Health insurance through Cigna (medical & dental)
• Vision coverage through VSP
• Pharmacy benefits through OptumRx
• FSA, HSA, Dependent Care FSA, and Limited Purpose FSA options
• 401(k) and Roth 401(k) with company match
• Pet discount program with PetAssure
• Norton LifeLock identity theft protection
• Employee Assistance Program (EAP) through NYLGBS
• Fertility benefits through Progyny
• Commuter benefits
• Company-paid Short-Term and Long-Term Disability
• Voluntary Term Life & AD&D Insurance, plus Universal Life Insurance options
• Supplemental Aflac coverage: Accident, Critical Illness, and Hospital Indemnity
• Discounts and rewards through BenefitHub