Security GRC Analyst

Security GRC Analyst

Requirements

• Good understanding of Information Security principles and technologies, technical information, and security concepts.
• Demonstrated conceptual, analytical, and innovative problem-solving and evaluative skills, and an ability to conduct independent research and analysis, identify issues, formulate options, and make conclusions.
• Understanding of existing and emerging technologies.
• Project management skills – planning, status reporting, issues resolution, risk mitigation.
• Highly effective communication with all levels of the organization including senior and executive management.
• Ability to deliver high-quality documentation deliverables including business requirements documents, design documents, test cases, and end user training guides.
• Strong organizational, interpersonal and presentation skills.
• Excellent written and oral communication skills.
• Ability to multi-task and handle multiple projects at the same time.
• Exceptional problem solving, critical thinking, and analytical skills.
• Bachelor’s Degree in Information Technology, Computer Science, Computer Information Systems, Risk Management, Cybersecurity, or equivalent educational or professional experience/qualifications.
• Understanding of security controls (e.g. secure software development, access control, auditing, authentication, encryption, integrity, physical security, and application security).
• Strong problem-solving skills, including the ability to develop innovative risk mitigation solutions that address core issues.
• Team-oriented with experience working with diverse teams.

Responsibilities

• Work under the direction of the Senior Director of Global Security Governance, Risk, and Compliance in supporting security risk management, security maturity assessments, cloud security governance and reporting efforts.
• Assist in leading risk assessments and risk reporting.
• Monitor risk findings and remediation efforts.
• Follow-up with risk owners on risk remediation and act as a security ambassador to assist teams with risk mitigation and treatment.
• Understand and update the risk model.
• Assist with the continuous monitoring of security GRC functions, developing executive reporting, and performing security risk management.
• Support security compliance and certification functions such as ISO 27001, HIPAA, NIST CSF, GDPR, and SOC2.
• Develop strong working relationships with support teams, management, and cross functional working groups.
• Manage status and reporting on activities, issues, projects to team leadership.
• Strengthen technical ability to understand security risk and mitigating/compensating controls.
• Stay current on security industry trends, attack techniques, mitigation techniques, and security technologies by attending conferences, networking with peers, and other educational opportunities.

Preferred Qualifications

No preferred qualifications provided.