Lead Information Security Analyst – GRC Project Leadership

About The Position

Requirements

• 5+ years of Information Security experience, or equivalent demonstrated through one or a combination of the following: work experience, training, military experience, education
• 4+ years in a vulnerability management or governance, risk and compliance role, identifying and prioritizing areas of policy non-adherence, report development, remediation monitoring and escalation to senior management
• Strong experience with vulnerability or endpoint scanning tools (e.g., Qualys, Tanium)
• Solid understanding of cryptography, encryption key management, and digital certificate lifecycle
• Proven ability to lead projects and/or teams, including planning, coordination, and delivery

Nice To Haves

• IT Security certification (CISSP, CRISC, GIAC, Cloud, etc)
• Demonstrated expertise of Governance, Risk and Compliance principles for monitoring adherence to Information Security policies
• Experience with or strong conceptual understanding of data protection principles, frameworks and technologies
• Knowledge of Cloud service providers such as Amazon Web Services (AWS), Google Cloud Platform (GCP) or MS Azure
• Documentation skills including design diagrams, process flows, security controls and evidence archival
• Proven ability to plan, manage, and deliver complex projects or security initiatives, including defining scope, setting timelines, coordinating resources, and ensuring successful outcomes
• Knowledge of financial institution security procedures and data protection principles
• Experience with Agile methodology and product delivery
• Ability to communicate confidently and professionally
• Ability to negotiate, influence, and collaborate to build successful relationships
• Strong time management skills including the ability to handle multiple deliverables concurrently
• Ability to influence across all organizational levels
• Work independently and lead governance routines on a regular cadence
• Identify security vulnerabilities, perform product mapping, conduct trend analysis, perform risk assessments, and evaluate remediation alternatives
• Engage with stakeholders to monitor remediation and escalate critical risks
• Prepare executive ready
• Develop and maintain documentation for security controls and metrics, governance routines, escalation events, and consequence model
• Drive continuous improvement in policy adherence monitoring, vulnerability management and cryptographic security processes

Responsibilities

• Provide advanced information security consultation for policy compliance, risk management, security controls and remediation monitoring
• Lead projects and coordinate team efforts to ensure timely delivery of security initiatives
• Direct information security risk assessment and research, and recommend remediation plans and strategies
• Perform Governance, Risk, and Compliance activities to identify and prioritize key risk areas, monitor remediation, and escalate critical risks to senior management
• Conduct user engagement on vulnerabilities and identified areas of policy non-adherence, report and advise on moderately complex remediation or mitigation plans
• Design, document, test, maintain, and provide issue resolution recommendations for moderately complex security solutions related to networking, cryptography, encryption keys and digital certificates
• Review and correlate technical data such as vulnerability or endpoint scanning reports (e.g., Qualys, Tanium), key and certificate management reports, and security logs
• Analyze identified vulnerabilities, assess their potential impact, and prioritize remediation efforts based on risk levels
• Develop and maintain security policies and procedures related to information protection, encryption, and certificate management
• Create detailed process documentation and governance artifacts for security controls, metrics, and escalation routines