GRC Security Analyst II

GRC Security Analyst II

We are seeking a skilled and detail-oriented Level 2GRC(Governance, Risk, and Compliance)Analystto support ourGRCteam. This role involves assisting in the development, implementation, and management of ourGRCframework to ensure compliance with industry standards and regulatory requirements. The Level 2GRCAnalystwill work closely with various departments to integrateGRCpractices into daily operations and strategic planning.

Key Responsibilities:

Governance:

• Support the organization's governance framework to ensure its effectiveness.
• Assist in aligningGRCinitiatives with business objectives.
• Monitor and report on governance practices.
• Willingness to understand and assist in annualsecurityawareness training.

Risk Management:

• Identify, assess, and report risks across the organization.
• Assist in developing and maintaining risk management policies and procedures.
• Conduct regular risk assessments and audits to ensure compliance with regulatory requirements.
• Help build remediation plans for business risks identified during risk assessments, audits, inspections, etc.
• Review authorization and assurance documents to confirm that the level of risk is within acceptable limits.
• Willingness to plan, execute, and overseesecurity-related projects.
• Willingness to analyzesecuritydata to identify trends and insights.

Compliance:

• Ensure compliance with relevant laws, regulations, and industry standards.
• Assist in developing and implementing InfoSec training programs for employees.
• Monitor and report on compliance activities and issues.
• Provide subject matter expertise to Contract Managers, Business Unit Managers, and third-party relationship managers to ensure third-party risk management program compliance.
• Willingness to become familiar with Jira and Confluence.

Technology and Analytics:

• UtilizeGRCtools and technologies to enhance risk management and compliance efforts.
• Analyze data to identify trends and areas for improvement.
• Stay updated on emerging technologies and best practices inGRC.
• Proficiency in using data analytics tools like Tableau or Excel for reporting and visualization.
• Have knowledge of Cloud Platforms like AWS and Azure.

Collaboration and Communication:

• Work with stakeholders to communicate business risk and risk mediation in accordance with agreed protection levels.
• Collaborate with business leaders to balancesecurityrequirements with business agility, innovation, and growth.
• Provide key inputs and collaboration with various risk/compliance departments (i.e., Internal Audit, Procurement, Legal).
• Effective oral and written communication for engagement with colleagues and internal users/customers.

CybersecurityRisk Management:

• Understand how differentsecurityrisks can affect the organization's operations.
• Assure successful implementation and functionality ofsecurityrequirements and appropriate IT policies and procedures.
• Willingness to assist with the Vulnerability Management program using tools like Defender VM and Qualys.-

Qualifications:

• Education: Bachelor's or higher in Computer Science/Engineering or other relevant degrees in Information Technology.
• Experience: 2-4 years of relevant experience in InformationSecurity, IT, or Finance.
• Strong knowledge ofGRCframeworks and industry standards.
• Excellent analytical, problem-solving, and communication skills.
• Experience or willing to understand regulatory compliance, risk management frameworks, and informationsecuritymanagement frameworks (e.g., ISO 27000, NIST CSF, NIST Risk Management Framework, ISO 27005, etc.).

Preferred Qualifications:- North Star

• Relevant certifications (e.g., CISA, CRISC, CGEIT).
• Experience with regulatory tracking and intelligence systems.
• Knowledge of quantitative risk management and analytics.
• Willingness to learn and apply knowledge of ISO 27001 and NIST CSF Framework.