Salary
💰 $155,000 - $165,000 per year
About the role
- Review the current documents to identify and prioritize the requirements for revisions.
- Create new security policies, standards, and responsibility models to clearly define the organization's security practices and responsibilities.
- Assess, deploy, and manage the GRC tool to streamline the GRC processes.
- Establish and oversee the policy and standards attestation process involving all stakeholders.
- Establish and oversee the process for policy and standards exceptions.
- Develop and oversee a Cybersecurity Awareness Training program.
- Facilitate document development and revision through meetings and workshops with SMEs, and secure consensus from their leadership.
- Develop questionnaires to evaluate the compliance of existing cybersecurity policies and standards and identify gaps in the organization’s Cybersecurity Risk Register.
- Oversee the management of cybersecurity controls and framework implementation, along with continuous maintenance.
- Develop and maintain an inventory of cybersecurity controls aligned with industry standards (e.g., NIST, SOC2, ISO 27001, CIS) and regulatory requirements (e.g., GDPR, CCPA, and SOX).
Requirements
- Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or a related field.
- 5+ years of experience in information technology or information security, including over 3 years of experience authoring security policies, standards, and procedures.
- A strong understanding of cybersecurity controls, risk mitigation strategies, and their application for data protection and privacy compliance.
- Security and compliance certifications, such as CISSP, CISA, CISM, CGEIT, or CRISC, are preferred.
- Prior experience leading the evaluation, implementation, and administration of a GRC tool is highly preferred.
- Identity and access management and governance concepts and technologies, such as Microsoft Entra, Active Directory, PAM, etc.
- Vulnerability management platforms such as Rapid7 and Wiz.
- IT asset management, Configuration Management Databases (CMDB), and network asset discovery tools.
- Control frameworks and objectives (e.g., NIST CSF, NIST RMF, PCI-DSS, SOX, SOC 2, GDPR, CCPA, etc.).
- Operating systems, databases, and middleware components.
- Performing compliance and risk assessments.
- Management of IT and security projects.
- Jira, Slack, and Office 365 tools (including Word, Excel, SharePoint, OneDrive, Teams, and PowerPoint).
- Self-motivated and results-oriented, with the ability to prioritize competing tasks.
- Exceptional organizational skills for balancing work and leading projects.
- Strong verbal and written communication skills.
- The candidate must build consensus, collaborate, and establish strong relationships with various internal and external stakeholders (business, development, security, auditors, legal, etc.).
- Ability to adapt and apply information to new situations and technologies.
- Business Wire will not sponsor a new applicant for employment authorization for this position.