Sr GRC Analyst

Are you looking for an opportunity to take your GRC experience and bring it to an organization that is driving a security strategy forward? They need your expertise on this growing team to influence others and move the security standards forward.


Identifying, prioritizing, monitoring and reporting technology risks and controls including performing risk and controls assessments. Works closely with the operational, technical, and corporate function personnel to foster a technology risk management culture, challenge assumptions and to assist in communicating a holistic risk profile of technology risk to Executive management and various stakeholders. The Senior Governance, Risk & Compliance Analyst assists with oversight of compliance standards and corporate policies.

This role also interfaces between Legal/Compliance and both internal and external auditors for compliance initiatives, including providing requested audit inputs. The Sr. Analyst will be well versed in a variety of regulations such as DFARS, NERC CIP and NIST CSF. This position will be part of the team responsible for establishing and maintaining an enterprise Information Security Governance, Risk and Compliance vision, strategy and program.


  • Assists with the development of the continuous audit/monitoring program to include designing and analyzing control tests for IT systems and high-risk technical areas
  • Audit systems around NERC CIP and DFARS controls
  • Work individually and on teams to support the completion of specific tasks within time and budget constraints and interface with the customer/client/stakeholder on a day-to-day basis
  • Apply their expertise to the practical issues they identify or those presented by the customer/client/stakeholder
  • Assist the stakeholders to formulate solutions, prepare deliverables, and documentation
  • Develop and maintain quarterly continuous audit/monitoring updates/reporting 
  • Explain complex information to others, including new controls, requirements and evidence material 
  • Provide audit guidance and respond to customer inquiries, as needed 
  • Assist with documenting and reporting actual or potential information security violations 
  • Provide governance and compliance consulting to the business, and recommend steps to mitigate potential exceptions 
  • Solve problems in straightforward situations and within guidelines 
  • Monitor systems for compliance to Information Security Policy and Standards 
  • Direct the work of staff and review work, deliverables and reports for accuracy and completeness
  • Monitor internal and external business, regulatory and technology environment to identify new or emerging risks and verify remediation of issues
  • Understand and articulate risks associated with technology processes and IT general controls and identify process and control gaps proactively
  • Assist in the coordination and/or perform risk assessments and audit processes against a wide variety of security and privacy regulatory and compliance frameworks for several products
  • Liaise across relevant business, technology, and control functions to prioritize risks, challenge technology risk decisions, assumptions and tolerances, and drive appropriate risk response
  • Contribute to the establishment of metrics and tools to assess and report on inherent risks, control strength and residual risk in a consistent and objective manner
  • Assist with the development and validation of remediation plans for technology deficiencies
  • Improve controls for internal systems, policies and processes
  • Monitor compliance initiatives and control effectiveness
  • Collaborate with internal teams and external auditors throughout compliance, audit, and attestation engagements
  • Stay current on security industry trends, relevant compliance requirements, and security best practices by attending conferences, networking with peers, and other educational opportunities
  • Mentor and train less experienced staff



  • Bachelor’s Degree or higher strongly preferred with experience in IT Audit or Advisory, IT Risk & Compliance, Information Security, Computer Information Systems, or Management Information Systems
  • Minimum of 4 years' experience auditing information systems desired, with emphasis on NERC CIP and DFARS regulations
  • Three or more years in IT Risk, Compliance, Business Continuity/Disaster Recovery, or a combination of these or closely related fields
  • Must have and maintain, or be able to obtain within one year of employment, at least one of the following certifications: CISSP, CISA, CRISC or equivalent designation
  • Demonstrate solid knowledge of technology processes, risks and issues, including within infrastructure, information security, SDLC and Enterprise Service Management, utilizing various IT controls frameworks (e.g. NERC CIP, DFARS, NIST CSF)
  • Capable of identifying, evaluating and mitigating significant risks within an enterprise
  • Strong working experience with Microsoft Office Suite and GRC tools (e.g. RSA Archer)
  • Ability to document and explain findings, risks and vulnerabilities to both business and technical stakeholders
  • Possess strong influencing, negotiating, and relationship-building skills
  • Experience supervising staff
  • Strong oral and written communication skills and the ability to work well with people from many different disciplines with varying degrees of technical experience
  • Possess strong analytical skills and attention to detail
  • Must be able to work independently
  • Must be proficient in NERC CIP and DFARS regulatory requirements
  • Experience with Big 4 or within an internal audit department desired
