NRECA · posted 3 months ago
Full-time
Hybrid • Arlington, VA
Professional, Scientific, and Technical Services

NRECA is a unique national trade association providing advocacy, financial services and business support services to over 900 consumer-owned electric cooperatives across the country. NRECA employees are united by our mission, inclusive culture, collaborative workplace and commitment to service excellence. As a "best place to work" employer, we operate with integrity, transparency and a spirit of innovation.

Join IT at NRECA, where we are more than a team, we are a community. Guided by the core tenets of Simplicity, Security, Continuity, Transparency, and Flexibility, we strive to deliver business value through collaboration, ideation, and innovation. Become an integral part of a community driven to continuously improve our processes and transform how we work, in partnership with our colleagues and in service to our members.

This is a hybrid role located in Arlington, VA. We are looking for an experienced analyst to support our Cybersecurity Governance, Risk and Compliance (GRC) team. If you understand information security frameworks, standards and best practices and have experience conducting information security risk assessments, control audits and third-party risk assessments, we are looking for you!

  • Advises IT and the business, in accordance with legal, regulatory, contractual, policy, and standards requirements, to identify, assess, and prioritize cybersecurity risks.
  • Analyzes findings to identify vulnerabilities and opportunities to improve controls, governance, and risk mitigation.
  • Leads monthly security risk meetings to report on activities and metrics and to identify potential risks and opportunities for improvement.
  • Leads and develops third-party risk management policies and standards and advises on the annual third-party risk assessment plan.
  • Identifies and develops risk and control requirements for systems, data, and technical capabilities in the cloud, on-premises, and at third-party vendors.
  • Leads risk assessments, control evaluations, and compliance reviews across business units.
  • Develops, maintains, and enforces security policies, standards, and procedures.
  • Manages third-party risk assessments and vendor security reviews.
  • Supports internal and external audits, including evidence collection and remediation tracking.
  • Monitors regulatory changes and ensures compliance with frameworks such as NIST CSF, ISO 27001, and HIPAA.
  • Collaborates with cross-functional teams to identify and mitigate security risks.
  • Prepares and delivers reports and metrics to senior leadership on risk posture and compliance status.
  • Provides guidance and mentorship to junior analysts and team members.
  • Drives continuous improvement in security governance and risk management processes.

  • Bachelor's degree in Computer Science, Management Information Systems, Information Security, or a related field.
  • 7+ years of experience in IT and information security risk management, compliance, audit, and governance.
  • 7+ years of experience leading and conducting information security risk assessments, control audits, and third-party security risk assessments.
  • Strong technical knowledge of IT and information security technologies, including AWS, Azure, and M365.
  • Experience with information security frameworks, standards, and best practices such as NIST CSF, NIST RMF, NIST SP 800-30, NIST SP 800-53, NIST SP 800-171, HIPAA, SOC 2, CIS, ISO 27001/27002, and COBIT.
  • Experience with GRC tools, reports and dashboards development, and compliance automation.
  • Experience using Jira as a central platform for tracking and managing GRC-related tasks, including risk assessments, audit findings, and compliance activities.
  • Ability to develop and recommend solutions appropriate to the business, technology, and cybersecurity context.
  • Ability to work independently and proactively under minimal supervision.
  • Ability to effectively convey complex information to technical and non-technical stakeholders.
  • Excellent analytical and problem-solving skills and attention to detail.
  • Ability to manage multiple projects with competing deadlines.
  • Ability to communicate, both verbally and in writing, with a diverse range of audiences.
  • Ability to report to the office when required.
  • 5% travel.

  • Certified Information Systems Security Professional (CISSP)
  • Certified in Risk and Information Systems Control (CRISC)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Security Manager (CISM)