Grc Lead Analyst Jobs

Security training and development is a plus but not requirement

Data analytics, KPI's, and reporting

Using Power BI for dashboards and reports

Opportunity to transition into full-time employee if interested

3+ years' experience with Policies & Procedures, Risk Management and Security Certifications/Framework is required

Strategizing, developing, implementing and managing our Risk Management Program

Stay current with the latest trends and updates with regards to governance, security, risk management, and compliance.

Regulatory experience in product development & certification (UL, ULC, CE) a bonus

Manage policy and procedure development and lifecycle, including collaboration activities for compliance

Communicate policies, procedures and requirements while engaging employees to drive behavior changes to increase policy and procedure compliance and reduce risks.

Bachelor’s degree in Information Technology, Risk Management, Computer Science, or related field. Equivalent experience considered, but degree highly preferred.

Broad knowledge of IT security industry trends including common information security management frameworks and controls, specifically NIST CSF

Proven experience working as a Compliance Analyst or similar role, with a strong understanding of PCI DSS standards and requirements.

Ability to operate with a high degree of independence in task and project management activities.

Security Certifications such as CISSP, CISA, or CRISC, or previous PCI ISA/QSA preferred.

Knowledge and understanding of security, regulatory, and privacy standards such as PCI DSS, GDPR, CCPA, HIPAA

Knowledge of cybersecurity capabilities, such as identity management standards, storage, and disaster recovery in the cloud

Bachelor’s degree (information cybersecurity, risk management, governance, etc.) or relevant years of experience

Experience designing, implementing, and measuring risk management critical success factors, KPI’s and metrics.

Experience in cyber security risk management design and deployment

Assist in development, management, and maintenance of IT security and compliance policies and standards

Assist in development, management, and maintenance of metrics and reporting to demonstrate technology policy, standards, guidance, adoption, implementation, and adherence

Experience with risk management frameworks

Bachelor's Degree in Information Systems, Information Security, Accounting or related field or an equivalent combination of education and experience

Technology or operational risk management related role performing risk management and analysis related activities

Comfortable and effective in building partnerships with organizational leaders and influencing senior management

Manage risk and vulnerability assessments, validation testing, compliance reviews, and audits in accordance with NIST standards

Maintain up-to-date knowledge of procedures and methods that serve to broaden team knowledge and industry expertise

Performs lifecycle management of Information Security related policies and standards

Stays updated with applicable compliance and regulatory requirements

8+ years of information security / information assurance experience required

In-depth knowledge of at least one compliance framework or regulation, such as SOC 2, COBIT, Sarbanes-Oxley, etc.

Demonstrated analytical, problem-solving, and critical thinking skills required

Strong verbal, written, communication and presentation skills required

Master’s or bachelor’s degree in computer science, information technology management, business management administration or related disciplines

Minimum 1-4 years of professional experience

Strong analytical and problem-solving skills with a history of learning and adapting quickly

Excellent written, verbal, and consultative skills (e.g., professionalism, collaboration, negotiation, conflict resolution, quick learner, etc.)

Prior experience working in a fast-paced, deadline-driven, team environment

Strong process and data analysis skills with the ability to communicate systems concepts in a meaningful business context

Master’s or bachelor’s degree in computer science, information technology management, business management administration or related disciplines

Minimum 1-4 years of professional experience

Strong analytical and problem-solving skills with a history of learning and adapting quickly

Excellent written, verbal, and consultative skills (e.g., professionalism, collaboration, negotiation, conflict resolution, quick learner, etc.)

Prior experience working in a fast-paced, deadline-driven, team environment

Strong process and data analysis skills with the ability to communicate systems concepts in a meaningful business context

Knowledge of risk management and assessment principles.

Knowledge of and experience with Federal security regulations, standards, and processes including FFIEC, HIPAA, NIST and CIP.

Participate in team/client problem solving efforts and offer ideas and solutions for resolution.

Actively expand consulting skills and professional development through mentoring, training courses, daily interaction with clients, and assigned developmental materials.

Bachelor’s Degree in Computer Technology or equivalent work experience.

General knowledge of information security and cybersecurity topics.

3-5 years’ experiencebuildingan Information Security Risk Management program.

3. Strong 3-5 years of experience in building an Information Security Risk Management program

1. Bachelor’s degree in Computer Engineering, Computer Science, or Information Systems Management

4. Work closely with management on security practices

8. Assist in maturing the Information Security Risk Management Program by helping to define an IS risk

mature the overall IS Risk Management Program which includes defining security system and application

Minimum of 3 years of experience in Information Security, IT, or GRC.

Demonstrable experience with frameworks such as NIST and ISO 27001.

Skill in prioritizing tasks in a fast-paced environment.

Benefits: Paid Time Off (PTO), 401k, Medical, Dental, and more.

Ensure compliance with internal governance and relevant frameworks.

Provide assistance during both internal and external audits.

Must possess knowledge and expertise in the use of risk management methodologies and tools (e.g. ServiceNow GRC, Control Frameworks).

Utilize time management and organizational skills and able to meet deadlines.

Plans and conducts audits under the direction of middle/senior level management or Program Manager (Audit, Risk & Compliance).

Coordinates day-to-day risk management activities with the CCMS organization for identifying, assessing, prioritizing, and treating risks.

Captures risk, assessments, and management actions in a risk register.

Assist middle/senior level management or program manager with liaison activities with internal business audit, compliance, regulatory, security and operations.

Minimum 4 years in IT related roles; 2 years of Information Security and related audit experience required.

Cloud security familiarity and/or experience,

Knowledge of common security tools; GRC-ISMS, SIEM, scan (vulns, configs, software, endpoint).

Experience using common enterprise tools such as Jira, Servicenow, G-Suite, Workday, Slack.

Cloud compliance experience for security and privacy.

Conduct and document security compliance assessments based on a variety of standards.

Experience developing and deploying risk management frameworks and programs, preferably with international experience in an e-commerce or technology related industry

Track and monitor remediation and risk management activities.

Deploy the risk management framework, processes, and tools to conduct risk assessments effectively and consistently.

Develop, implement, mature, and champion risk management processes and concepts.

Maintain a current and comprehensive understanding of relevant industry standards to incorporate into the risk management strategy, framework, and program.

Relevant security certifications, such as CISSP, CIPT, CIPP, CISM, CISA, ISO 27001 Lead Auditor are highly desired

5 years of work experience in Information Security, or IT Risk Management.

Experience designing, implementing, and executing IT Risk Management projects, information security governance, tools, and technologies across complex, large-scale environments,

Experience writing IT risk assessments and controls, and developing Information Security policies, procedures including Exception Management Processes

Exceptional leadership, verbal and written communication, and project management skills.

Knowledge, Skills, and Abilities (KSAs):

Must be able to weigh business needs against security concerns and articulate issues to management.

At least 3 years of experience in information technology, risk management, and compliance management

Experience supporting the conducting of risk assessments and the development of risk management plans

Support the development, implementation, and management of collaborative GRC programs across the organization, including policies, procedures, and controls.

Contribute to risk assessments and support the development of risk management plans to mitigate risks and provide reporting on findings.

Provide guidance and support to business units on compliance and risk management matters.

Support the management of internal and external audits and assessments and develop and implement corrective action plans as needed.

Detailed knowledge of compliance frameworks such as NIST CSF, SOC 2, ISO 27001, and ISO 27701.

Experience in having conducted security assessments, risk assessments, security control reviews, external security audits, including recommending compensating/mitigating controls to reduce risk.

Support our SOC2 and ISO27001/27701 preparation and audit activities. Also, you can help select tooling to make evidence collection bearable!

Perform periodic review of controls, identify weaknesses, and assist with remediation.

Assist in writing and maintaining our internal and external security and privacy policies.

Serve as a GRC subject matter expert for departments within the company.

Identify and communicate control gaps, evaluate management remediation action plans, and provide ongoing monitoring of resolution through briefings to senior management.

Provide expertise and consult with the objective of helping the organization manage risk to an acceptable level.

Maintain awareness of external regulations and industry standards for new or modified requirements.

Operational process design, improvement, and implementation experience.

Uses business knowledge, innovative thinking, and sound judgment in the solution of problems or the pursuit of business opportunities.

Relevant industry certifications (CISA, CISSP, CISM, CRISC, CIA, etc.).

Provide status reporting, activity scheduling, artifact collection and management, and other supporting tasks

Bachelor’s in information technology/Security, Computer Science is preferred, non-technical degrees with Computer Science fundamentals will be considered combined with technology experience

At least one Information Security certification such as CISA, CISSP, PMP, CRISC, etc. is preferred.

1-3 years of internal/external IT Compliance or Audit experience

2+ years of Information Technology experience

Knowledge of Smartsheet, JIRA/Confluence, and PowerBI a plus