Sr Analyst GRC Cybersecurity

NRECA, Arlington, VA
Hybrid

About The Position

NRECA is a unique national trade association providing advocacy, financial services and business support services to over 900 consumer-owned electric cooperatives across the country. NRECA employees are united by our mission, inclusive culture, collaborative workplace and commitment to service excellence. As a “best place to work” employer, we operate with integrity, transparency and a spirit of innovation.

Join IT at NRECA, where we are more than a team, we are a community. Guided by the core tenets of Simplicity, Security, Continuity, Transparency, and Flexibility, we strive to deliver business value through collaboration, ideation, and innovation. Become an integral part of a community driven to continuously improve our processes and transform how we work – in partnership with our colleagues and in service to our members.

This position leads key functions within Cybersecurity Governance, Risk, and Compliance (GRC), including cybersecurity risk identification, assessment, prioritization, and lifecycle governance, as well as compliance and issue management. The ideal candidate will have experience analyzing findings to strengthen controls, improve governance processes, and advise IT and business stakeholders on mitigation strategies.

This position is eligible for NRECA’s hybrid schedule, which allows for flexibility to work from home up to 2 days per week.

Requirements

  • Bachelor’s in Computer Science, Management Information Systems, Information Security, or related field.
  • 7+ years of experience in IT and information security risk management, compliance, audit, and governance.
  • 7+ years of experience leading and conducting information security risk assessments, control audits, and third-party security risk assessments.
  • Strong technical knowledge of IT and information security technologies, including AWS, Azure, and M365.
  • Experience with information security frameworks, standards, and best practices such as NIST CSF, NIST RMF, NIST 800-30, NIST 800-53, NIST 800-171, HIPAA, SOC2, CIS, ISO 27001/27002, and COBIT.
  • Experience with GRC tools, reports and dashboards development, and compliance automation.
  • Ability to report to the office.

Nice To Haves

  • Technical knowledge pertaining to security hardening of operating systems, applications, and networks.
  • Experience reviewing system or network designs for risk and compliance that encompass multiple enclaves/networks, including those with different data protection or classification.
  • Experience conducting third-party security assessments, reviewing contracts for security requirements, and embedding risk management practices within existing processes.
  • Led the implementation of technical security controls across all phases of the SDLC, ensuring alignment with security architecture standards and compliance requirements.
  • Preferred certifications: Certified Information Systems Security Professional (CISSP), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM).

Responsibilities

  • Advises IT and business units by leading activities to identify, assess, and prioritize cybersecurity risks, ensuring alignment with legal, regulatory, contractual, policy, and standard requirements.
  • Partners with risk and control owners to develop, implement, and maintain risk registers and metrics; governs and reports on risks and mitigations throughout the lifecycle; maintains risk management policies, standards, and the assessment plan.
  • Manages compliance and issue management activities, coordinating with regulators and auditors to track and remediate issues.
  • Tests controls for design and effectiveness and partners with owners to implement remediation, reporting on findings and status.
  • Analyzes findings to identify vulnerabilities and opportunities to strengthen controls, governance, and mitigation.
  • Proactively advises leaders on improvements and ensures proper prioritization and escalation of risks.
  • Performs cybersecurity risk governance, ensuring activities follow the governance framework and reporting on conformance.
  • Facilitates monthly security risk meetings to report activities, metrics, risks, and improvement opportunities.
  • Optimizes the risk governance framework based on best practices and guides IT and business stakeholders in implementing governance requirements.
  • Leads development of third-party risk management policies and standards and advises on the annual assessment plan; works closely with stakeholders on third-party assessments and risk management.
  • Defines risk and control requirements for systems, data, and technology across cloud, on-premises, and third-party environments; assesses system designs for risks and cybersecurity noncompliance.
  • Maintains and continually develops expertise in GRC trends, technologies, and evolving methods to ensure organizational alignment with current practices.
© 2024 Teal Labs, Inc