Remote - GRC Analyst

About The Position

Requirements

• Bachelor's degree in Cybersecurity, Computer Science, Information Systems or equivalent field required.
• 2-5 years experience in Information Security GRC, Risk Management, Information Technology or equivalent.
• Experience with information security, control standards, and frameworks such as PCI DSS, ISO27001 and/or NIST CSF and 800-53 preferred.
• Certified Information Systems Auditor (CISA) and/or Certified in Risk and Information Systems Control (CRISC) strongly preferred.
• Other certifications such as Certified Information Security Manager (CISM), Project Management Professional (PMP), or Certified Information Systems Security Professional (CISSP) desired.
• Knowledge of Financial Service industry regulations, risk management methodologies, operations or auditing is highly desired.
• Ability to present issues and recommendations in a manner that will be understood and accepted by all responsible parties.
• Strong Excel and SharePoint skills are highly desired.
• Familiarity with GRC and problem management tools highly desired (RSA Archer, Jira, Confluence, LogicGate, ServiceNow, etc.).
• Experience performing Third-Party Risk Reviews, Due Diligence, and Contract Advisory support for InfoSec activities is highly desired.
• Experience with calculating cyber risk using industry risk methodologies (e.g. FAIR) is desired.

Responsibilities

• Maintain familiarity with a broad regulatory landscape impacting business and IT areas.
• Remain current with emerging regulatory sentiments as well as solution trends in the marketplace.
• Understand the impact of laws and regulations on company systems and technology.
• Recommend and implement changes in security policies, standards and/or procedures as needed.
• Collaborate with the appropriate stakeholders to establish and maintain a system for assessing compliance with security and privacy policies.
• Map control requirements across information security frameworks to identify overlapping requirements and compliance efficiencies.
• Review third parties by way of security due diligence.
• Facilitate and support execution of external assessments relative to data security (SOC 1, SOC 2, PCI, etc.).
• Maintain information security risk management methodologies, definitions and processes; aligned with those from Enterprise Risk Management.
• Report on key risk indicators (KRIs) and key performance indicators (KPIs).
• Continuously evaluate network and system security, data vulnerabilities, business continuity and compliance risks.

Benefits

• Diversity and equal opportunity for all applicants and employees.
• Reasonable accommodations for candidates on request.
• Respect for applicants' privacy rights.