Sr. Cyber Security GRC Specialist

About The Position

Requirements

• Minimum of a Bachelor’s Degree in Information Technology, Cyber Security, Computer Science, or a related field (or 5 years of relevant experience in lieu of a Bachelor’s Degree)
• 4+ years of experience in Cyber Security or IT governance
• Working knowledge of common security concepts, network fundamentals, and risk assessment techniques
• Working knowledge of information security standards and frameworks (e.g., ISO/IEC 27001, NIST CSF) and how to apply them in a corporate environment
• Experience supporting risk management frameworks and control assessment activities (e.g., NIST Cyber Security Framework or ISO 27001)
• Strong communication, analytical, and collaboration skills, with the ability to manage priorities across multiple initiatives and degrees of ambiguity

Nice To Haves

• Relevant certifications such as CISSP, CISM, CRISC, Security+, or similar are a plus.

Responsibilities

• Support Cyber Security risk management activities to identify, assess, and help mitigate risks, including contributing to the operation and continuous improvement of the Cyber Security framework
• Develop and maintain key performance indicators (KPIs), dashboards, and metrics to measure the effectiveness of initiatives
• Collaborate with cross-functional teams to help integrate Cyber Security assurance principles into business processes and systems
• Provide guidance and day-to-day support across the organization on Cyber Security assurance topics, following established standards and practices
• Monitor regulatory changes and industry trends and summarize impacts to policies, controls, and risk posture
• Coordinate evidence collection and respond to auditor inquiries in partnership with control owners and subject matter experts
• Contribute to strategic initiatives by supporting planning, tracking milestones, and producing high-quality deliverables
• Support continuous improvement of the data classification framework that categorizes data based on sensitivity and risk
• Partner with stakeholders at all levels of the organization to help ensure appropriate classification of data assets across the organization
• Assist with periodic reviews and updates to classification policies to align with regulatory changes and business needs
• Support identification and management of the organization’s critical data assets (“crown jewels”)
• Help implement and maintain security requirements and protection measures for high-value data assets in partnership with relevant teams
• Participate in assessments and control reviews related to crown jewel data to support compliance with security standards
• Support data discovery and inventory activities to improve visibility of data assets across the organization
• Utilize data discovery tools and techniques to help identify sensitive data and its locations
• Maintain an up-to-date inventory of data assets, including classification and documented protection measures
• Work closely with IT, compliance, and legal teams to help ensure alignment on data protection requirements and implementation plans
• Serve as a point of contact for data security inquiries by triaging requests and connecting teams with the right standards, processes, and subject matter experts
• Promote strong collaboration and alignment with broader GRC capabilities and ways of working

Benefits

• health care
• vision
• dental
• retirement
• PTO
• sick leave