GRC Analyst- (Policy development and Control mapping)

  • Posted 7 hours ago | Updated 7 hours ago

Overview

Remote
Depends on Experience
Contract - Independent
Contract - W2
Contract - 12 Month(s)

Skills

GRC Analyst
policy development
control mapping

Job Details

Qualifications:

-10+ years in Governance, Risk and Compliance

-Expertise in policy development and control mapping

-Experience working cross-functionally with cybersecurity, automation, and cloud domains

-Excellent communication skills enabling them to work closely with executive management on reviewing InfoSec policies across access control and software development

-Extensive background in conducting scheduled vulnerability scans and enterprise risk management assessments

-Deep knowledge of FAIR risk management models for risk assessment

-Knowledge of NIST framework and CIS standards

-Experience implementing best practices in data encryption, business continuity and disaster recovery

-Experience creating service-management metrics, continual improvement roadmaps, and rigorous processes for production test and release requirements

Responsibilities Overview:

This person will be asked to craft policies that align with strategic objectives and regulatory requirements. This is complemented by repeatable workflows and IT Service Management procedure run-books, promoting cross-functional efficiency. They will also need to complete an annual review and approval of information security policies by Executive Management, ensuring they remain contemporary and robust across various dimensions like access control and secure software development.

For risk assessment, this resource will assist in conducting scheduled vulnerability scans and enterprise risk management assessments. This includes AI-driven documentation retrieval and issue tracking, enhancing rapid response capabilities and proactive risk mitigation by identifying regulatory changes and potential vulnerabilities. Risk assessment strategies should utilize FAIR quantitative risk management models and employ managed advisory services to address governance and compliance challenges.

The GRC Analyst should maintain adherence to industry standards such as the NIST Cybersecurity Framework and CIS standards, ensuring robust practices like data encryption, business continuity and disaster recovery are consistently implemented. They will be asked to create service-management metrics, continual improvement roadmaps, and rigorous processes for production test and release requirements, maintaining compliance throughout the system lifecycle. They will further support this effort by advising on frameworks to boost governance and provide compliance oversight.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

About Magicforce