Sr GRC Analyst

About The Position

Requirements

• Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience.
• At least 5 years experience in cybersecurity as a practitioner and with at least 5 years exposure to various security frameworks.
• Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
• Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, CCPA and GLBA.
• Additional experience in one or more of the following: ISO 27001/2, ITIL or NIST.
• Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
• Capacity to understand legacy and progressive technology and security controls along with respective risk.
• Working knowledge of technologies such as artificial intelligence, cloud computing, DevOps and application security is required.
• Up-to-date understanding of a wide-range of incident response, system configuration, vulnerability management and hardening guidelines.
• Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively.
• Prior experience with leading GRC systems.
• Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
• Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
• Successful track record of managing external entities’ contracts and relationships, and mitigating risks to business development opportunities.
• Familiarity with state, federal and international privacy laws.
• Highly trustworthy; leads by example.

Nice To Haves

• Certifications strongly preferred: CISA, CRISC, CISM, CISSP, ISO 27701 Lead Implementer

Responsibilities

• Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security.
• Maintain oversight in GRC-related platforms.
• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
• Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
• Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities.
• Escalate to security management and business unit leads when points of weakness are discovered.
• Analyze findings, and document, recommend and report program gaps to security leadership.
• Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance.
• Apply GRC expertise across key lines of business, including products, practices and procedures.
• Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
• Maintain rigorous oversight of security systems and security configuration administration to reduce risk to enterprise systems and accounts.
• Act as a key participant in incident response to track occurrence and resolution, with strict documentation and reporting.
• Work in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives.
• Attend and fully engage in change and project management meetings.
• Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
• Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws.
• Mentoring and coaching of junior GRC analysts
• Perform other duties as assigned.

Benefits

• paid time off
• health
• dental
• vision
• 401(k) savings plan with match