Information Security GRC Analyst

About The Position

Requirements

• Bachelor's Degree in Information Technology, Computer Science, Cybersecurity, or related field.
• Valid Driver's License.
• Three to five years of experience in information security, IT or risk management, preferably in a financial institution. Or equivalent combination of education and experience.
• Excellent verbal and written communications at both business and deep technical levels.
• Excellent interpersonal skills.
• The ability to manage multiple tasks.
• Technical writing.
• Ability to read and comprehend instructions, correspondence, technical manuals and memos.
• Ability to respond to common inquiries or complaints from employees, vendors and management staff.
• Ability to effectively present information to individuals one-on-one or a small group setting.
• Ability to articulate technical concepts to end-users.
• Deep knowledge of information security principles and standards.
• Advanced knowledge of TPRM platforms and ability to optimize.
• Proactive Mindset: Staying ahead of emerging threats and taking initiative in risk mitigation.
• Strong analytical and problem-solving skills.
• Attention to Detail: Ability to identify subtle security vulnerabilities and ensure accurate documentation.
• Adaptability: Capacity to learn and adapt to rapidly evolving security threats and technologies.
• Teamwork: Willingness to collaborate with other team members for effective risk mitigation.
• Time Management: Skill in prioritizing tasks and managing workload in a fast-paced environment.
• Advanced knowledge of information security principles, standards and frameworks such as NIST, ISO and CIS Controls.
• Advanced knowledge of security tools such as firewalls, vulnerability scanning, antivirus software, and intrusion detection systems.

Nice To Haves

• CISSP, CISA or CRISC or CEH preferred.

Responsibilities

• Independently conducts in-depth assessments of information security risks by analyzing potential vulnerabilities within systems, applications, processes, and 3rd parties.
• Ensures compliance with relevant standards such as ISO 27001, FFIEC, or NIST CSF frameworks.
• Prioritizes vulnerability remediation efforts based on risk severity.
• Coordinates with IT teams to ensure timely patching or mitigation.
• Works daily within TPRM platforms and improve functionality.
• Develops and maintains security metrics and dashboards to monitor risk trends and control effectiveness.
• Maintains and updates risk registers, ensuring accurate tracking of risk and remediation plans.