Title: Info Security GRC Sr. Analyst (GRC601)
Quest
PA
6 days ago

Overview

We are seeking a Jr. to mid-level IT Security Governance Risk Compliance Analyst. This can be a remote role.

In this role, you will be responsible for working with subject matter experts (SMEs), business partners, and management to evaluate information security-related issues, develop remediation and mitigation plans, and document policy or exceptions.

You will also track progress towards issue closure. Issues include audit findings, control gaps, policy violations, and other security-related items.

Primary responsibilities of this role include the following:

  • Support the issue management program to ensure real-time updates are made to open issues.
  • Maintain the repository of logged issues and provide reporting where required.
  • Review internal policies, industry standards, and relevant regulations and understand how they apply within the organization.
  • Guide issue documentation through approval workflows and incorporate feedback from each stage of the review process.
  • Support end-user questions and conduct training related to the issue management program.
  • Develop and maintain indices, glossaries, and other supporting documentation.
  • Publish and distribute issue management program metrics and dashboards.

Responsibilities

  • Associate degree and at least 0-3 years of directly related experience.

  • Familiar with information security and risk management concepts and standards as well as a general understanding of information technology systems and terminology.
  • Basic working knowledge of information security concepts and controls.
  • Ability to work within deadlines, juggle multiple priorities, design project plans, and provide project updates.
  • Ability to work independently with little direction and/or supervision.
  • Superior communication skills with the ability to ask questions, escalate roadblocks early and interact effectively at multiple levels in the organization.
  • Keen attention to detail with the ability to correct on the fly and work independently.
  • Analytical aptitude with an emphasis on investigative, methodical critical questioning, and logical thinking; a data-driven decision-maker.
  • General understanding of mitigation methodologies and regulatory requirements pertaining to information security, privacy, and/or data security.
  • High-level interpersonal skills.

Qualifications

  • A general understanding of SOC1, SOC2, PCI, GDPR, CCPA and similar IT Compliance and Privacy regulations as well as industry standards such as NIST 800-35 and ISO 2700x is preferred.
  • Professional certifications such as CIPP (Certified Information Privacy Professional), CRISC (Certified in Risk and Information Systems Control), CISA (Certified Information System Auditor), CISSP (Certified Information Security Professional) or CISM (Certified Information Systems Manager) are strongly preferred.