Security GRC Analyst II

About The Position

Requirements

• Bachelor's Degree in cybersecurity, IT, or a related field
• 5+ years in cybersecurity with a focus on data protection or governance
• Knowledge, Skills and Abilities
• Proficiency with data protection concepts and tools (e.g. DLP, encryption).
• Solid understanding of security frameworks (e.g. PCI, GDPR, HITRUST, ISO 27001 & NIST 800-53, NIST 800-161)
• Strong communication, analytical, and problem-solving abilities.
• Ability to motivate and influence behavior change across all levels of the organization.
• Strong time management skills and attention to detail.
• Creative problem-solving and adaptability to emerging security challenges.
• Strong communication skills (written and oral).
• Technical expertise with Microsoft Purview or related security tools.

Responsibilities

• Configure, manage, and optimize data protection tools such as DLP solutions, encryption technologies, and cloud security controls.
• Conduct data discovery and classification to identify high-risk assets.
• Investigate and respond to data breaches and incidents involving sensitive information.
• Configure, manage, and optimize data protection tools such as DLP solutions, encryption technologies, and cloud security controls.
• Conduct data discovery and classification to identify high-risk assets.
• Investigate and respond to data breaches and incidents involving sensitive information.
• Lead governance projects
• Analyze alerts and logs to identify data-related security incidents.
• Provide recommendations for mitigating risks and improving controls.
• Collaborate with IT and legal teams during forensic investigations.
• Develop and deliver targeted training sessions on data governance and protection.
• Support security training application and end user follow up.
• Act as a resource for employees seeking guidance on handling sensitive data.