GRC Analyst

About The Position

Requirements

• Bachelor's degree in Information Security, Cybersecurity, or Information Technology or equivalent education and experience.
• Minimum of 3-5 years of experience in information security GRC, or related fields.
• Experience with PCI, HIPAA, SOC2, CIS Controls, and risk management, enterprise security risk management.
• Familiarity with healthcare industry regulations and standards is a plus.
• Proficiency in PCI and security risk assessments methodologies and tools.
• Excellent problem-solving skills.
• Strong communication and interpersonal skills.
• Strong understanding of security frameworks and standards (NIST CSF, PCI, HIPAA, SOC2, CIS Controls).
• Experience with GRC tools and technologies PCIP, ISA CISA Certification.

Responsibilities

• Develop and maintain cybersecurity policies, procedures, and standards.
• Ensure alignment of cybersecurity practices with business objectives and regulatory requirements.
• Assist in the creation and management of the cybersecurity governance framework.
• Conduct risk assessments on third parties to identify and evaluate potential cybersecurity risks.
• Develop and implement risk mitigation strategies and controls.
• Monitor and report on risk management activities and the effectiveness of controls.
• Ensure compliance with industry regulations and standards (PCI, HIPAA, SOC2).
• Conduct regular audits and assessments to ensure adherence to compliance requirements.
• Collaborate with internal and external auditors during compliance reviews and audits.
• Develop and deliver cybersecurity awareness training materials.
• Promote a culture of cybersecurity awareness across the organization.
• Monitor and report on the effectiveness of security awareness initiatives.
• Prepare regular reports on GRC activities and metrics for senior security management.
• Maintain comprehensive documentation of all GRC activities, policies, and procedures.
• Ensure proper documentation of risk assessments, audit findings, and compliance activities.