Fragomen

IT GRC Analyst

Fragomen

full-time

Location Type: Remote

Location: United States

About the role

  • Operationalizing Risk Management: Understand industry-standard cybersecurity risks and how controls affect them.
  • Understand how GRC platforms work and how they support Risk Management.
  • Develop trusted relationships with senior business partners to gain an in-depth understanding of key business processes, products and services, and influence others to ensure business case and customer satisfaction goals are met.
  • Acquire fundamental knowledge of all Fragomen areas to better understand emerging risks.
  • Support the Service Delivery function to deliver reliable, best-in-class support services in a manner that meets our contractual obligations and delights our customers and clients.
  • Assist with vendor and third-party risk management.
  • Support ISO 27001, SOC 2 type 2 and PCI audits by gathering and documenting how Fragomen is meeting the control objectives identified in these standards.
  • Support the completion of client-facing requests that demonstrate Fragomen’s security controls, including understanding and demonstrating technical security controls.
  • Work closely with IT internal audit to meet IT security compliance obligations.
  • Collaboratively work with teammates and internal Fragomen teams and take direction from management to resolve assigned Client support work items with both speed and quality.
  • Acquire fundamental knowledge of all Compliance Operations areas to gain comprehensive knowledge of operations and industry standard best practices.
  • Support security awareness programs.
  • Collaborate with GRC oriented teams - the Office of Audit and Privacy, the Office of General Counsel, Information Security and Compliance - and legal/client relationship teams to continuously improve and demonstrate the firm’s commitment to data privacy and security.
  • Produce written and verbal communication that, when escalating matters, is summarized, clear and concise.
  • Provide ideas and suggestions for department process improvements.

Requirements

  • Minimum of 5 years of experience in the IT Security GRC field based on work history and/or education.
  • A strong understanding of information security and data privacy frameworks and their control objectives, including the NIST Cyber Security Framework (CSF), NIST 800-53, and CIS.
  • Experience supporting ISO 27000-series, SOC 2 and PCI compliance requirements and external audits, including control and evidence documentation.
  • Broad knowledge of Data Privacy regulatory landscape including but not limited to GDPR.
  • Experience in risk management and project management, including but not limited to documenting and developing remediation plans.
  • Experience supporting security awareness training.
  • Experience drafting IT policies that align with industry best practice and cybersecurity frameworks.
  • Strong communication skills both written and verbal.
  • Outstanding work ethic.

Benefits

  • Health insurance
  • 401(k) matching
  • Flexible work hours
  • Paid time off
  • Remote work options

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • cybersecurity risk management
  • GRC platforms
  • ISO 27001
  • SOC 2 type 2
  • PCI compliance
  • NIST Cyber Security Framework
  • NIST 800-53
  • CIS
  • risk management
  • project management

Soft Skills

  • communication skills
  • relationship building
  • collaboration
  • problem solving
  • process improvement
  • customer satisfaction
  • teamwork
  • leadership
  • written communication
  • work ethic