Security Analyst, GRC
HireRight•Nashville, TN
•Onsite
About The Position
This role reports to the Senior Director, Governance Risk & Compliance and will primarily conduct cyber security audits and assessments that help ensure that the organization is compliant, and ready for, certification of its security program. This is a position that requires strong communication and relationship building skills, as well as patience and attention to detail.
Requirements
- BS, BA in Information Technology, Computer Science or other related Business/Technology/Analytical studies
- Prior experience with cyber security, privacy, governance, risk & compliance (GRC), internal audit or other similar function
- Experience interpreting industry and regulatory requirements and authoring supporting controls.
- Excellent client relationship and customer service skills, with a clear client focus. Note: nearly all customer facing interactions will require English proficiency in writing and speaking.
- Strong Project Management Skills
- High degree of independence and exceptional work ethic with a team player
- Familiarity with core IT and Information Security Technologies
- Exceptional interpersonal, written and oral communication skills
Nice To Haves
- Security+, CISA, CIPP, ISO 27001 or similar certification a plus
- Knowledge of ISO27001, ISO27701, or SOC2 Type II preferred.
- Experience performing third party assurance assessments; AuditBoard, OneTrust or similar platform experience a plus
Responsibilities
- Prepare and conduct internal audits of the Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in accordance with ISO 27001 and ISO 27701 requirements to support readiness for external audits.
- Develop and maintain an annual audit plan covering planned operational, ISMS, and PIMS internal audits.
- Track, monitor, and follow up on remediation actions resulting from internal audits, including those from both prior and current audit cycles, to ensure timely and effective closure.
- Perform periodic fraud risk assessments to identify, evaluate, and document potential fraud risks and control gaps.
- Review, update, and maintain internal information security policies on an annual basis to ensure ongoing alignment with regulatory, ISO, and organizational requirements.
- Continually reviews and improves the assessment methodology, process, and procedures.
- Work closely with partners in technology or other departments to identify, prioritize and remediate security compliance issues.
- Performs ad-hoc compliance requests or additional duties as assigned
Benefits
- Medical
- Dental
- Vision
- Paid Life/AD&D Insurance
- Voluntary Life Insurance
- Short & Long Term Disability
- Flexible Spending Accounts
- 401K
- Generous Vacation and Sick Program
- 10 Paid Holidays
- Education Assistance Program
- Business Casual Attire
- Generous Referral Program
- Employee Discounts and Rewards
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
Upload and Match Resume
What This Job Offers
Job Type
Full-time
Career Level
Mid Level
