Cybersecurity Governance And Risk Analyst Jobs

Review and communicate engagement results, findings and recommendations to account partner, client management and key stakeholders.

Strong report writing and presentation skills, an analytical mind, and problem-solving abilities

Strong Understanding of GRC processes (Risk Assessment, Controls, Regulatory Change Management and policy and procedures management.

Preparing business requirements document, process flows, process, and control documentation in form of Risk Control Matrices (RCM), SOPs, narratives, etc

Graduate degree in Accounting & Finance required

Experience on working on different GRC tools.

Knowledge of U.S. Federal Government security compliance, risk management processes and requirements, including NIST RMF and NIST 800-53 Rev 5 controls

Strong stakeholder and relationship management skills

Knowledge of local legal and regulatory security requirements including HIPAA, FedRAMP, and GDPR/privacy

Have a working knowledge of the NIST CSF and RMF frameworks

Bachelor's degree with a minimum of 8 years of experience

Experience managing Agile projects with a focus on duties related to Product Owner

Coordinate and address supply chain/third-party cybersecurity risk management concerns

Maintain leading-edge knowledge on the impacts of emerging technologies on Qorvo’s cybersecurity capabilities and broadly share this knowledge with relevant stakeholders

Specific experience with U.S. Federal cybersecurity compliance requirements (NIST 800-53, NIST 800-171 and/or CMMC

Extensive experience with various security compliance requirements, regulations, and frameworks (e.g., CMMC, PCI-DSS, HIPAA, ISO-2700X, NIST 800-171, NIST-CSF)

Experience working with third-party Managed Security Service Providers (MSSPs)

Ability to communicate technical solutions to project management, development team, operations team, information security team and IT solutions team

Proven continuous improvement analytical experience including strong project management and reporting capabilities

Competitive benefits like 401k matching, 11 federal holidays, etc.

Analyzes and reports risks and vulnerabilities from various sources (e.g., vulnerability scanners, audit reports, security control assessments, penetration tests)

Coordinates requirements and responses for all Cybersecurity related compliance items

Effectively prioritize and manage multiple projects and deadlines

Minimum of ten (10) years of general experience and eight (8) years IT Security experience, preferably in cyber risk and compliance

At least 3 to 5 years of IT Audit, SOX, or IT Security risk assessment experience

Solid knowledge of risk and security frameworks like NIST, ISO, and COSO

Experience working in a governance environment leveraging a risk and controls mindset.

1-3 years’ experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business

Key industry certifications such as CISA, CISM, CISSP, etc.

Experience across IT domains such as application development, infrastructure, technical support and operations, or continuity of business.

Utilize ServiceNow to manage TS audits and policies

Education: Bachelor's Degree in Computer Science, Information Systems, Business Administration, Mathematics or a related field

Collaborate with the CCD Auditors Office throughout audit engagements

Assist in the collection/creation of audit deliverables

Work with TS stakeholders and advise on implementation of internal controls and safeguards in response to audit findings

Utilize ServiceNow to approve third party file share permission requests

Implements and manages governance technology platforms including Archer Integrated Risk Management Platform and ACES Quality Management Software.

Expectation of both remote work along with in office days.

Oversees system integration and enhancement projects, including requirements gathering, adequate scoping, resource allocation, roadmap development, and timely project completion.

Manage technology upgrades, maintenance, and issue resolution as needed in close collaboration with IT team and GRC third-party provider.

Provides input and actively implements strategic plan for the team, manages and maintains team procedures, development documentation, and record retention.

3+ years RSA Archer experience in building Advanced Workflow, Access Control, UI design, Reporting, Dashboards, iViews and DDEs

Project management and organizational skills;

Knowledge, Skills, and Abilities (7-10 bullets)

Tactful and diplomatic when engaging with all levels of management always maintaining a professional demeanor.

Continuously look to optimize processes, technology and capabilities through tactical and strategic development.

5+ years direct experience with information security, IT controls assurance and IT audit facilitation

Experience in cloud-based environments for production applications, including Amazon Web Services, Microsoft Azure, GCP or other large-scale cloud deployment

Knowledge of Information Security Risk Management, risk mitigation, RTP.

Project Management skills Skills in preparing documentation, and delivering professional presentations.

GRC tool knowledge or certification is a highly desirable.

Certification in ISMS (ISO 27001) is desired.

ISACA Certification like CISA is desired.

Fundamental knowledge of the system development lifecycle and system development methodologies.

Demonstrated experience with common compliance frameworks (SOX, GDPR, CCPA, PCI, ISO27000, NIST Cybersecurity Framework, NIST SP800-53)

Strong written and spoken communication skills when responding to external requests

Are passionate about our clients and live/breathe the client experience.

Understanding of common vendor risks and common vendor attestations (SSAE16, SOC2, SIG-Full/Lite)

Demonstrated ability to drive multiple workstreams in parallel within GRC

YOU’RE EXCITED ABOUT THIS OPPORTUNITY BECAUSE...

Lead the supplier risk management process to identify and mitigate the risk of third-party relationships.

Compliance for regulatory requirements such as SOC2, FedRAMP, NIST 800-171, CMMC, and new regulatory initiatives applicable to the business.

Documentation review, drafting of policy, procedures and standards, certification and accreditation documents.

Manage various projects, including effective project tracking, issue handling, and follow up.

You're collaborative, building relationships, humbly offering support and openly welcoming approaches.

Location: Fully Remote, with the opportunity to work from anywhere in the United States.

Bachelor’s degree in related field (IT or Cybersecurity) or equivalent combination of experience and education/certification

Minimum of 2 years of experience in developing and operationalizing crisis management plans, including business impact assessments and risk management

Minimum of 2 years of experience in successfully managing complex global cybersecurity programs/project

Minimum of 2 years of experience with driving risk reduction through vulnerability remediation

Understanding of security compliance requirements (ISO27001, SOC 2, FedRAMP, NIST 800-171

Scripting knowledge using Python is strongly desired

Strong knowledge of and experience in all facets of integrated security governance, risk, and compliance management

8+ years of relevant industry experience

Current Security CISSP, CRISC, CISM or equivalent certification completed or currently in progress

Experience in running long-term, complex security programs that deliver iterative improvements and risk reduction

Strong communication, interpersonal and leadership skills to work with both engineering and other non-technical stakeholders

Bachelor's degree in Computer Science, a related field, or equivalent practical experience

Build and maintain enterprise risk management tools (Power BI, Category Based Risk Assessment).

Ability to build relationships and collaborate with all levels of management and partners across the organization.

10+ years of experience in Enterprise Risk, Governance, Compliance, Internal Audit and/or Business/Regulatory-related risk role.

Experience developing a diverse team of both technical and non-technical resources is necessary.

Preference for this role is to be located in Houston. However, we are open to remote candidates.

Key responsibilities of this position include:

Thorough with strong project and time management, report writing and presentation skills.

Experience with Information/Technology Risk Management, Supply Chain Risk Management, Third Party Risk Management, and/or Global Regulatory Compliance.

Support in management of the intake queue for new risk assessments across the organization.

Improve metrics and identify trends for risk management activities and drive visibility and transparency of business value for completed work.

Advise and influence global technology and business management regarding security standard methodologies, risk analysis, risk mitigation and reporting.

Strong ability to assess urgency and prioritization and make good decisions based upon business or market requirements.

Compensation/Benefits Information (US Applicants Only):

What’s in it for you:

Grade/Level ( relevant for internal applicants only ):

Stakeholder and relationship management skills

Awareness of the legal and regulatory security requirements

Knowledge of cyber security frameworks such as ISO2700 and NIST

Base pay will depend on the position, individual qualifications, market, and other operational business needs.

Responding to requests from customers for information on our security measures

Reviewing security clauses in customer and vendor contracts

IT audit and compliance experience of applicable regulatory requirements including NIST 800-171 and CMMC.

Tailored management and leadership training

Ensures the enforcement of CAES security requirements including, but not limited to, Export Control and Controlled Unclassified Information (CUI).

Experience in Information Security integration and compliance to support mergers and acquisition.

Experience in building and managing third-party risk assessment programs to support the cybersecurity function within supply chain sourcing and operations.

Experience in developing, supporting and executing corporate privacy programs based on GDPR and CCPA.