Security Analyst (Governance, Risk & Compliance)

Job Title: Technology Security Analyst (Governance, Risk & Compliance)
Location: Jacksonville, FL
Job Type: Contract
Industry: Utilities / Energy

Job Summary:

We are seeking an experienced, detail-oriented, and strategic-thinking Information Security Analyst with a strong background in Governance, Risk, and Compliance (GRC). This role supports cybersecurity initiatives within the utility sector, managing risk, shaping policy, and fostering a culture of compliance and security awareness.

Key Responsibilities:

• Monitor, evaluate, and support cybersecurity and regulatory compliance across IT and OT environments.

• Assist in third-party risk assessments, vendor security reviews, and contract evaluations.

• Develop, maintain, and enforce security policies, standards, and procedures.

• Conduct risk assessments and coordinate remediation activities.

• Maintain GRC documentation (risk registers, control matrices, incident logs).

• Manage audit evidence collection for regulatory audits (NERC CIP, HIPAA, PCI-DSS).

• Monitor regulatory changes and enhance compliance programs.

• Organize and participate in cybersecurity training and awareness programs.

• Collaborate cross-functionally with teams including Engineering, HR, Legal, and Operations.

• Analyze security events, maintain asset inventories, and validate security controls.

• Liaise with external auditors, vendors, and regulatory bodies.

Required Skills & Competencies:

Knowledge of:

• Utility-based network/systems architecture (including ICS/SCADA)

• Regulatory standards: NIST CSF, NERC CIP, HIPAA, PCI, FERC, DOE, etc.

• Risk management, audit procedures, ITIL, and GRC platforms

Technical Proficiency:

• Cloud platforms (Azure, AWS), SaaS/O365

• Vulnerability assessment tools (Tenable, Tripwire, etc.)

• SIEM tools (Splunk), endpoint protection (TrendMicro, McAfee)

• Scripting languages (Python, PowerShell, Regex)

• Microsoft Office Suite, SharePoint, and reporting tools

Soft Skills:

• Excellent documentation, communication, and collaboration skills

• Strong analytical and critical thinking abilities

• Professionalism in audit/compliance scenarios

• Ability to manage conflict and drive consensus

Minimum Qualifications:

One of the following:

• Associate s degree in IT, Cybersecurity, or related field + 4 years of relevant experience

• Bachelor s degree in IT, Cybersecurity, or related field + 2 years of relevant experience

• 6 years of combined education, training, and experience in information security, audit, risk, or IT compliance

Preferred Certifications (Any Two or Equivalent):

• DoD 8140 Certifications

• GIAC Certifications (e.g., GMON, GPCS)

• AWS Cloud Practitioner / Security Specialty / Solutions Architect

• Microsoft Azure Fundamentals / Security Engineer / Solutions Architect

• CompTIA Security+, Network+

• CCNA, CEH, CISSP, MCSE

Experience:

• 3 5 years in information security/compliance within utilities, energy, or critical infrastructure.

• Hands-on experience with tools like Tripwire, McAfee, TrendMicro, Splunk, NetMotion VPN, Tenable, Extrahop.

• Broad understanding across security domains such as perimeter, data, application, endpoint, cloud, and ICS security.