IT GRC Analyst

Waste Management, Inc. (WM), Houston, TX
Hybrid

About The Position

The IT GRC Analyst supports governance, risk, and compliance frameworks for Digital/IT, helping to advance the Technology Risk program. Responsibilities include lifecycle management of the Digital policies, maturing the risk register, overseeing security awareness training, and promoting compliance automation tools. The role collaborates with stakeholders to ensure strong security controls, helps test and automate cybersecurity tools and learns technologies to directly execute Digital initiatives. This position is based in Houston, Mon-Thurs in office, Friday remote.

Requirements

  • Bachelor's Degree in Computer Science, MIS, Business Administration or similar area of study.
  • Three (3) years of previous experience required.
  • Experience in the areas of change control, problem management, incident management, and troubleshooting security solutions.
  • Technical understanding and awareness of security best practices to be implemented for modern systems such as Oracle ERP, AWS, and agentic/AI/ML solutions.
  • Familiarity/prior exposure to agentic AI tools and willingness to learn other tools
  • Strong verbal and written communication skills to work with cross-functional teams.

Nice To Haves

  • Bachelor's Degree and at least three (3) years of experience in network, host, data and/or application security in multiple operating system environments.
  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Security Control (CRISC)
  • Certified Information Security Manager (CISM)
  • Other professional certifications desired include: CPA, CCSP, CISA
  • Fortune 500 experience.
  • Technical skills across a broad range of computing platforms and network protocols.
  • Ability to support both internal and external audits.
  • Experience in the areas of change control, problem management, incident management, and troubleshooting of security solutions.
  • Ability to multi-task and work on multiple projects at one time.
  • Ability to communicate both in writing and verbally.

Responsibilities

  • IT Risk Management: Drive risk identification, assessment, and mitigation of cybersecurity, technology, and data risks while staying up-to-date on changes in regulations, best practices, emerging technologies, and company-specific M&A activity and strategy that could impact the organization's IT governance, risk, and compliance posture.
  • Continuous Monitoring: Drive company-wide implementation and adoption of continuous monitoring technology and tools to improve overall adequacy, quality and efficacy of controls.
  • Policy Governance: Create and maintain policies and standards in collaboration with stakeholders, and drive company-wide implementation and adoption.
  • Compliance Management: Evaluate and support enterprise compliance against various regulatory requirements such as SOX, PCI, GDPR, as well as company policies. Provide reporting to leadership on issues identified, ongoing mitigation efforts and timing to execute, and formalize management risk acceptance where applicable.
  • Security and Awareness Training: Promote a culture of cybersecurity awareness across the organization through risk assessments, monthly phishing and security training and awareness campaigns, giving leadership visibility into the effectiveness of training programs.

Benefits

  • Medical
  • Dental
  • Vision
  • Life Insurance
  • Short Term Disability
  • Stock Purchase Plan
  • Company match on 401K
  • Paid Vacation
  • Holidays
  • Personal Days