Information Security Governance, Risk and Compliance Analyst

About The Position

Requirements

• 3+ years of experience with responsibilities relating to security and compliance.
• Strong written and oral communication skills.
• Strong conceptual understanding of Information Security theories.
• Knowledge of network, application, and cloud security controls.
• Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS and SOX.
• Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks.
• An insatiable intellectual curiosity and the ability to learn quickly in a complex space.
• Must pass any and all required background checks
• Must be and remain compliant with all legal or company regulations for working in the industry
• Must be a minimum of 21 years of age

Nice To Haves

• Bachelor’s degree or higher in Information Security or Information Technology may help you stand out but is not required. Demonstrated work experience can be substituted.
• Security certifications, such as CRISC, CISA are preferred, but not required.

Responsibilities

• Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments, providing reporting to stakeholders, and ensuring appropriate action is taken.
• Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks.
• Provide guidance to newer staff working with internal IT stakeholders for vulnerability management, ensuring vulnerabilities are remediated in accordance with policy and SLAs.
• Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations (HIPAA, SOX/ITGC), and security frameworks (NIST, MITRE, etc.).
• Assist with ongoing internal operations and tasks, including ITGC security reviews.
• Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI’s business.
• Provide updates and insight during the development and maintenance of Information Security policies, standards and procedures, aligning with NIST.
• Lead the identification of security training and awareness initiatives for the organization.
• Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises.
• Maintain KPIs and KRIs for Information Security risk & compliance activities.
• Execute tasks as a member of the Information Security team as assigned by management.
• Provide mentorship and guidance to Associate Information Security GRC Analysts.
• Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness.
• Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting.