Business Wire

Senior GRC Analyst

full-time

Posted on:

Origin: 🇺🇸 United States

Salary

💰 $155,000 - $165,000 per year

Job Level

Senior

Tech Stack

Cyber Security

About the role

  • Review the current documents to identify and prioritize the requirements for revisions.
  • Create new security policies, standards, and responsibility models to clearly define the organization's security practices and responsibilities.
  • Assess, deploy, and manage the GRC tool to streamline the GRC processes.
  • Establish and oversee the policy and standards attestation process involving all stakeholders.
  • Establish and oversee the process for policy and standards exceptions.
  • Develop and oversee a Cybersecurity Awareness Training program.
  • Facilitate document development and revision through meetings and workshops with SMEs, and secure consensus from their leadership.
  • Develop questionnaires to evaluate the compliance of existing cybersecurity policies and standards and identify gaps in the organization’s Cybersecurity Risk Register.
  • Oversee the management of cybersecurity controls and framework implementation, along with continuous maintenance.
  • Develop and maintain an inventory of cybersecurity controls aligned with industry standards (e.g., NIST, SOC2, ISO 27001, CIS) and regulatory requirements (e.g., GDPR, CCPA, and SOX).

Requirements

  • Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or a related field.
  • 5+ years of experience in information technology or information security, including over 3 years of experience authoring security policies, standards, and procedures.
  • A strong understanding of cybersecurity controls, risk mitigation strategies, and their application for data protection and privacy compliance.
  • Security and compliance certifications, such as CISSP, CISA, CISM, CGEIT, or CRISC, are preferred.
  • Prior experience leading the evaluation, implementation, and administration of a GRC tool is highly preferred.
  • Identity and access management and governance concepts and technologies, such as Microsoft Entra, Active Directory, PAM, etc.
  • Vulnerability management platforms such as Rapid7 and Wiz.
  • IT asset management, Configuration Management Databases (CMDB), and network asset discovery tools.
  • Control frameworks and objectives (e.g., NIST CSF, NIST RMF, PCI-DSS, SOX, SOC 2, GDPR, CCPA, etc.).
  • Operating systems, databases, and middleware components.
  • Performing compliance and risk assessments.
  • Management of IT and security projects.
  • Jira, Slack, and Office 365 tools (including Word, Excel, SharePoint, OneDrive, Teams, and PowerPoint).
  • Self-motivated and results-oriented, with the ability to prioritize conflicting tasks.
  • Exceptional organizational skills for balancing work and leading projects.
  • Strong verbal and written communication skills.
  • The candidate must build consensus, collaborate, and establish strong relationships with various internal and external stakeholders (business, development, security, auditors, legal, etc.).
  • Ability to adapt and apply information to new situations and technologies.
  • Business Wire will not sponsor a new applicant for employment authorization for this position.