IT Analyst, Security GRC

About The Position

Requirements

• Bachelor’s degree in computer science, cybersecurity, governance, risk and compliance, or business desired, or equivalent combination of education, training and experience.
• 3-5 Years of Governance, Risk and Compliance experience.
• Certification in at least one of the ISC2 series, ISACA series, SANS series, CompTIA Series, or Security + is required for this position.
• Working knowledge of IT and OT cybersecurity regulatory requirements. Examples include: NIST CSF 2.0, NIST 800-82, NIST 800-63, TSA SD2, and MTSA Cybersecurity Rule
• Experience with using a governance, risk, and compliance management application.
• Monitor and advise on pertinent policy requirements that impact the program.
• Assist with the establishment, execution, and maintenance of document control processes.
• Prepare policies, standards, procedures, and other guiding documents to support Information Technology (IT) and Operational Technology (OT) governance.
• Evaluate existing documentation to ensure content is current and adheres to defined operating models.
• Identify and mitigate gaps in regulatory documentation readiness through defining source documents, creating report templates, identifying best practices, etc. in collaboration with primary stakeholders.
• Collaborate with cross-functional teams, stakeholders, and subject matter experts to gather input, feedback, and requirements in support of the IT/OT governance program.
• Proofread, edit, and format technical documentation.
• Prepare and provide updates for recurring status reports.
• Prepare and maintain managerial reports and dashboards for assigned applications.
• Review and/or copy edit content developed by other members of the team.
• Train staff and other departments on document control processes and procedures, as applicable.
• Assist with internal and external audit activities.
• Serve as a representative on relevant projects, demonstrating ability to manage project activities, assess regulatory risks & development plans in accordance with regulatory, scientific & technical criteria.
• Provide on-call support during non-business hours to Operations on a rotational basis.
• Ability to travel up to 20% domestically and internationally.

Nice To Haves

• Communication. Makes clear and convincing verbal presentations to individuals or groups. Independently delivers presentations and briefings as required within role. Effectively and consistently facilitates meetings with key stakeholders.
• Decision Making & Problem Solving. Makes good decisions (without considering how much time it takes) based upon a mixture of analysis, experience, and judgement. Appropriately escalates issues requiring direct manager insights or input on decisions. Ability to effectively seek out others, including leader or key stakeholders, to ensure the best decision is made.
• Customer Service. With guidance, identifies potential issues that could impact internal or external customers and resolves issues as appropriate. Promptly reacts to requests from customers in a timely and professional manner. Reinforces importance of customer service.
• Stakeholder Engagement. Ability to maintain good relationships with the people who have the most impact on your work. Actively seek feedback from stakeholder groups; develop effective listening skills.
• Use of Resources. Ability to lead self and request resources as necessary to deliver work deliverables.
• Time Management & Organization. Can effectively structure work and agreed deliverables according to company standards. Ability to organize tasks and time to prioritize activities that advance project goals and key deliverables.
• Self-Development. Takes initiative to work with direct manager to assess development needs and seeks out constructive feedback. Works with direct manager to implement plans as needed to improve upon identified development needs. Works with direct manager to proactively gain knowledge and seeks opportunities to further develop abilities.

Responsibilities

• Project Implementation. Complete assigned tasks that assist with the implementation of various projects. Develop and review project documentation, including requirements, when applicable.
• System Maintenance. Perform the maintenance of systems and technologies. Investigate and respond to reported application issues.
• Application Administration. Assist system administrators in the setup and configuration of assigned applications. Administer user access, system capabilities, and security and systems interfaces.
• Internal Support. Support the various IT systems with lifecycle management of assigned and dependent applications.
• Documentation. Support the controlled document lifecycle/retention processes and procedures. Create documentation for relevant frameworks, applications and programs. Work with content owners, stakeholders and leadership to ensure documentation is current and accurate. Documentation may include project documents, control processes, policies, standards, procedures, and templates.
• Testing. Test application upgrades before releasing to production. Stay current with upcoming release features and capabilities. Provide recommendations for application system upgrades and enhancements.
• Reporting. Support the creation and preparation of relevant KPIs. Assist with the development and implementation of management reports and dashboards.
• Training. Assist with the development of training material. Provide training to staff and other departments related to application changes, document control processes, program updates, and other relevant content.
• On-Call Support. Provide on-call support during non-business hours to Operations on a rotational basis.
• Customer Service. Provide exceptional customer service.
• Process Improvements. Assist with identifying potential opportunities to increase efficiencies and/or improvements to existing processes. Help identify gaps in the current business model and propose processes that will help move the business forward.
• Other duties as assigned.