GRC Analyst

Under minimal direction, the Senior Information Security Analyst – Governance/Risk/Compliance (GRC) will perform all procedures necessary to ensure information security solutions are designed, and implemented to meet security standards and protect systems from intentional or inadvertent access.

NO C2C, H1B OR THIRD PARTIES NEED APPLY!

• Conducts security risk assessments and facilitates review of Cybersecurity documentation and processes.
• Performs third-party vendor security risk assessments, as required to support governance efforts.
• Develops charters and project plans with goals, strategy, staffing, scheduling, identification of risks, contingency plans and allocation of available resources.
• Plans and coordinates activities of project team to ensure project progresses on schedule within budget.
• Provides leadership motivation to project team members throughout the project life cycle.
• Manages / oversees vendor relationships including 3rd party implementation and/or development teams.
• Provides weekly status reports to Cybersecurity leadership and key project stakeholders.
• Prepares periodic and ad hoc reports for technical management and distributes project status reports, vendor reports, SOWs, requirements documents, policies and procedures.
• Manages business expectations, project issues, decisions risks, including escalation to sponsors.
• Oversees all project activities on a day-to-day basis to make sure on-time completion of planned tasks.
• Develops policy drafts, procedures, educational materials, strategy/technology roadmaps, Request for Proposal/Offers (RFP/RFO’s), project plans, communications, and presentations to support the overall delivery of IT Security objectives.
• Supports development of remediation plans and proactively track progress of remediation efforts to ensure open issues/risks are addressed and assist in presenting cybersecurity risks and gaps to stakeholders as appropriate.
• Conducts communications and Cybersecurity training sessions to support the success of the program.
• Designs and implements tools and processes to proactively monitor and govern the effectiveness of Information security controls and services.
• Develops and maintains metrics, dashboards and/or regular reports to communicate IT security risks.
• Other duties as assigned.

Education:

• High School diploma, or G.E.D. equivalency from an accredited educational institution.

Experience:

• Four (4) years of work experience in Information Security, Information Technology, Computer Science, or related field.
• Experience designing, implementing, and executing IT Risk Management projects, cybersecurity governance, tools, and technologies across complex, large-scale environments.
• Ability to build and maintain strong relationships across departments/teams and effectively communicate solution designs to stakeholders and leadership.
• A passion for cybersecurity, self-starter mentality, flexibility, and willingness to take on new challenges and ability to thrive in a team environment.

Certification:

• Comptia Security+, Certified Information Systems Security Professional (CISSP), Global Information Assurance Certification (GIAC), Certified in Risk and Information Systems Control (CRISC), Certified Information Security Manager (CISM), or Project Management Professional (PMP) Certification is preferred

Experience:

• Experience in design, implementation and operational support of cybersecurity governance solutions, tools, technologies and processes including cloud compliance and security
• Experience consulting with business and technology partners on general security requirements and best practices
• Experience with Governance, Risk & Compliance (GRC) tools
• Experience with MS Office 365, SharePoint and Power
  
  BI reporting

• A broad understanding of cybersecurity concepts across multiple domains, applicable security models (e.g., NIST and CIS Critical Security Controls) and regulations (e.g. CJIS, PCI, HIPAA, and Privacy Act).
• Strong organizational skills, including the ability to drive adherence to cybersecurity processes and tools and to keep focus on multiple tracks of work and open issues in parallel.
• Knowledge of penetration testing and vulnerability assessments.
• Exceptional leadership, verbal and written communication, and project management skills.
• Ability to confront challenges in a constructive fashion and influence others through consensus building techniques.
• Strong technical writing, research, analysis, and analytical/problem solving skills.

• Mid-Senior level

• Contract

• Information Technology

• Government Administration