SUMMARYThe Senior Security Analyst – GRC (Governance, Risk and Compliance) is a member of the IT Security team and works closely with other IT teams and business stakeholders in the development and automation of core functions supporting the Information Security program.
This person will work to support the continued maturity of the GRC program through the development and compliance to IT Security Policies and Procedures, Security Awareness Training, support GRC Audit deliverables and respond to client related security inquiries.
RESPONSIBILITIES- Support client interactions through completion/timely response to client security inquiries, questionnaires, participation in onsite and virtual audits and risk remediation.
- Oversee vendor relationship for applicable third party vendors providing service delivery of GRC related functions to include but not limited to vendor management, security awareness and professional services.
- Support GRC program through service delivery and oversite of operational activities and related functions to include but not limited to vendor management, security awareness, audit and compliance and exception management.
- Oversee platform administration of GRC related solutions as required and develop/ maintain system documentation supporting usage of third party solutions in the delivery of vendor management, security awareness training and phishing campaigns.
- Provide input and analysis in the development and deployment of IT security service deliverables to include but not limited to policy and procedures, risk assessment and control evaluation, security awareness and training, exception management and risk remediation.
- Provide input and consultation to IT and business resources in the mapping and alignment of Security Policies against prescribed control frameworks, to include but not limited to ISO 27001, ISF Standard of Good Practice for Information Security.
- Liaise with IT and business partners to provide guidance with ensuring compliance to IT security policies and procedures, communication of security requirements and tracking and reporting of compliance status.
- Lead onsite and virtual audits on behalf of GRC team, acting as primary liaison to auditors.
- Liaise with IT and Business Risk Owners in the management of risk treatment/acceptance plans for related security risks and work within the information security governance process to define control recommendations that are both efficient and effective.
- Participate and contribute to information security working groups and team meetings.
- Consolidate and manage monthly dashboards and reporting of service deliverables on behalf of GRC team and communicate to management.
- Maintain documentation of client interactions, risk assessments and IT Security Polices and supporting procedures within document management system.
REQUIREMENTS - Bachelor's degree, ideally in an IT or Security related field
- 4+ years of experience of IT Security experience focusing on governance, risk and/or compliance
- 1+ year of Cloud Security Analysis Experience
NICE TO HAVES- CISSP certification
- CISA certification
- Understanding of Control Standard Frameworks such as ISO 27001, ISF Standard of Good Practice for Information Security, etc.
