Security Analyst (Governance, Risk & Compliance)

Overview

Hybrid
$40 - $50
Contract - W2
Contract - 12 Month(s)

Skills

Cybersecurity
Compliance
Risk
Audit
GRC
Governance
SIEM
Networking
Firewall
IDS
IPS
DNS
SCADA
NERC
NIST
HIPAA
PCI
SOX
FERC
Cloud
Azure
AWS
O365
Python
PowerShell
Regex
Vulnerability
Encryption
Monitoring
IncidentResponse
ThreatDetection
PatchManagement
Automation
Documentation
Communication
Analysis
Reporting
SharePoint
Excel
Word
Outlook
Policies
Training
Audits
SecurityControls
AccessControl
ITIL
Controls
Dashboards
Awareness
Investigation
Testing
SecurityTools
EndpointSecurity
DataSecurity
ICS
VPN

Job Details

Job Title: Technology Security Analyst (Governance, Risk & Compliance)
Location: Jacksonville, FL
Job Type: Contract
Industry: Utilities / Energy


Job Summary:

We are seeking an experienced, detail-oriented, and strategic-thinking Information Security Analyst with a strong background in Governance, Risk, and Compliance (GRC). This role supports cybersecurity initiatives within the utility sector, managing risk, shaping policy, and fostering a culture of compliance and security awareness.


Key Responsibilities:

  • Monitor, evaluate, and support cybersecurity and regulatory compliance across IT and OT environments.

  • Assist in third-party risk assessments, vendor security reviews, and contract evaluations.

  • Develop, maintain, and enforce security policies, standards, and procedures.

  • Conduct risk assessments and coordinate remediation activities.

  • Maintain GRC documentation (risk registers, control matrices, incident logs).

  • Manage audit evidence collection for regulatory audits (NERC CIP, HIPAA, PCI-DSS).

  • Monitor regulatory changes and enhance compliance programs.

  • Organize and participate in cybersecurity training and awareness programs.

  • Collaborate cross-functionally with teams including Engineering, HR, Legal, and Operations.

  • Analyze security events, maintain asset inventories, and validate security controls.

  • Liaise with external auditors, vendors, and regulatory bodies.


Required Skills & Competencies:

Knowledge of:

  • Utility-based network/systems architecture (including ICS/SCADA)

  • Regulatory standards: NIST CSF, NERC CIP, HIPAA, PCI, FERC, DOE, etc.

  • Risk management, audit procedures, ITIL, and GRC platforms

Technical Proficiency:

  • Cloud platforms (Azure, AWS), SaaS/O365

  • Vulnerability assessment tools (Tenable, Tripwire, etc.)

  • SIEM tools (Splunk), endpoint protection (TrendMicro, McAfee)

  • Scripting languages (Python, PowerShell, Regex)

  • Microsoft Office Suite, SharePoint, and reporting tools

Soft Skills:

  • Excellent documentation, communication, and collaboration skills

  • Strong analytical and critical thinking abilities

  • Professionalism in audit/compliance scenarios

  • Ability to manage conflict and drive consensus


Minimum Qualifications:

One of the following:

  • Associate s degree in IT, Cybersecurity, or related field + 4 years of relevant experience

  • Bachelor s degree in IT, Cybersecurity, or related field + 2 years of relevant experience

  • 6 years of combined education, training, and experience in information security, audit, risk, or IT compliance


Preferred Certifications (Any Two or Equivalent):

  • DoD 8140 Certifications

  • GIAC Certifications (e.g., GMON, GPCS)

  • AWS Cloud Practitioner / Security Specialty / Solutions Architect

  • Microsoft Azure Fundamentals / Security Engineer / Solutions Architect

  • CompTIA Security+, Network+

  • CCNA, CEH, CISSP, MCSE


Experience:

  • 3 5 years in information security/compliance within utilities, energy, or critical infrastructure.

  • Hands-on experience with tools like Tripwire, McAfee, TrendMicro, Splunk, NetMotion VPN, Tenable, Extrahop.

  • Broad understanding across security domains such as perimeter, data, application, endpoint, cloud, and ICS security.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.