Security Analyst, GRC

About The Position

Requirements

• BS, BA in Information Technology, Computer Science or other related Business/Technology/Analytical studies
• Prior experience with cyber security, privacy, governance, risk & compliance (GRC), internal audit or other similar function
• Experience interpreting industry and regulatory requirements and authoring supporting controls.
• Experience performing third party assurance assessments
• Excellent client relationship and customer service skills, with a clear client focus.
• Note: nearly all customer facing interactions will require English proficiency in writing and speaking.
• Strong Project Management Skills
• High degree of independence and exceptional work ethic with a team player
• Familiarity with core IT and Information Security Technologies
• Exceptional interpersonal, written and oral communication skills

Nice To Haves

• Security+, CISA, CIPP, ISO 27001 or similar certification a plus
• Knowledge of ISO27001, ISO27701, or SOC2 Type II preferred.
• AuditBoard, OneTrust or similar platform experience a plus

Responsibilities

• Prepare and conduct internal audits of the Information Security Management System (ISMS) and Privacy Information Management System (PIMS) in accordance with ISO 27001 and ISO 27701 requirements to support readiness for external audits.
• Develop and maintain an annual audit plan covering planned operational, ISMS, and PIMS internal audits.
• Track, monitor, and follow up on remediation actions resulting from internal audits, including those from both prior and current audit cycles, to ensure timely and effective closure.
• Perform periodic fraud risk assessments to identify, evaluate, and document potential fraud risks and control gaps.
• Review, update, and maintain internal information security policies on an annual basis to ensure ongoing alignment with regulatory, ISO, and organizational requirements.
• Continually reviews and improves the assessment methodology, process, and procedures.
• Work closely with partners in technology or other departments to identify, prioritize and remediate security compliance issues.
• Performs ad-hoc compliance requests or additional duties as assigned.

Benefits

• Medical
• Dental
• Vision
• Paid Life/AD&D Insurance
• Voluntary Life Insurance
• Short & Long Term Disability
• Flexible Spending Accounts
• 401K
• Generous Vacation and Sick Program
• 10 Paid Holidays
• Education Assistance Program
• Business Casual Attire
• Generous Referral Program
• Employee Discounts and Rewards