job summary:
Cyber Security Analyst
The Cyber Security Analyst is an individual contributor on the IT Infrastructure & Security team responsible for both active security operations (vulnerability management, incident response, etc.) and GRC program activities.
The Analyst serves as a subject matter expert supporting internal business units, executive leadership, and external vendors across operational security and program governance.
location: Warrenville, Illinois
job type: Contract to Perm
salary: $55 - 70 per hour
work hours: 8am to 5pm
education: Bachelor's
responsibilities:
- Monitor and triage alerts across approved security platforms (i.e. CrowdStrike Falcon EDR/MDR, ZScaler, Mimecast, and Azure/Entra ID environments).
- Respond to IT security incidents, suspicious activity, and alerts to prevent adverse impact to users, processes, systems, or data; lead containment, root cause analysis, documentation, and post-incident review.
- Maintain and update the cybersecurity incident log; ensure all incidents are documented with consistent detail, timelines, and disposition for audit and trend analysis purposes.
- Execute monthly vulnerability scans using the approved security platform (i.e. CrowdStrike Falcon Vulnerability Management); prioritize findings by severity and coordinate remediation of all critical and high findings with appropriate IT infrastructure and application teams within defined SLAs.
- Supervise and coordinate penetration testing and vulnerability scanning activities executed by third-party providers; own pre-engagement scoping, access coordination, remediation tracking, and finding closure validation.
- Evaluate IT security advisories and determine actions to assign to the appropriate team.
- Support security operations across approved company platforms (i.e. Microsoft Azure, Entra ID, and M365 environments); monitor identity-based threats, conditional access policies, and privileged access governance.
- Provide security advisory support to projects and initiatives in the form of IT security requirements and risk guidance.
- Act as point of contact for ad-hoc security inquiries, troubleshooting, and general IT security support.
- Assess and evaluate third-party suppliers through defined instruments to establish their IT security posture, identify associated risks, and communicate outcomes to relevant stakeholders.
- Own and administer the IT Change Advisory Board (CAB) - including scheduling, facilitation, documentation, security review enforcement, change log maintenance, and change management metrics reporting.
- Serve as primary coordinator for cyber insurance renewal questionnaires and audits; compile security control documentation, evidence, and metrics to support underwriter requirements; track and close identified control gaps; maintain a standing evidence library for recurring audit and insurance requests.
- Own the lifecycle of IT security policies and procedures - drafting, annual review, version control, and stakeholder approval - ensuring alignment with regulatory requirements, insurance mandates, and operational realities.
- Conduct security risk assessments for new and renewing technology vendors, including review of SOC 2 reports, security questionnaires, and contractual security requirements; maintain a vendor risk register and escalate material risks to the Director prior to contract execution.
- Support activities concerning IT security assessment of prospective company acquisitions; identify control gaps and communicate risks to appropriate stakeholders.
- Manage and administer the organization-wide security awareness training program, including phishing simulation campaigns; track completion rates, identify at-risk user populations, and report outcomes to leadership.
- Organize and lead the annual tabletop exercise program - including vendor interview and selection, scenario development, exercise facilitation, and post-exercise remediation tracking.
- Develop the bi-annual Cybersecurity Executive Meeting agenda in coordination with the Director; lead or co-present the meeting to senior leadership, covering security posture updates, risk trends, program metrics, and strategic initiatives.
- Appraise IT security risks and maintain the IT security risk register.
- Advise business functions on compliance requirements for applicable frameworks including NIST CSF, CIS Controls, and SOC 2.
- Review and provide input on corporate documents concerning IT security, including policies, supplier contracts, service contracts, and data processing agreements.
- Communicate proactively and effectively with all stakeholders, internal teams, and vendors involved in IT security processes.
- Prepare required summaries, updates, and reports on the schedule defined by the IT security program.
qualifications:
Requirements
- Bachelor's degree in Information Technology, Cybersecurity, Computer Science, or a related field; or 3-5 years of equivalent professional experience.
- CISM certification or equivalent required (or attainment within 12 months of hire); CISSP preferred.
- Hands-on experience with CrowdStrike Falcon EDR, MDR, and Vulnerability Management, or similar platform (required).
- Hands-on experience with Microsoft Azure and Entra ID - identity, conditional access, and cloud security, or similar platform (required).
- Hands-on experience with Microsoft 365 Security - Defender, Compliance Center, Purview, or similar platform (required).
- Hands-on experience with Mimecast and Cybergraph - email security and DLP, or similar platform (preferred).
- Hands-on experience with ZScaler ZPA - zero-trust network access, or similar platform (required).
- Working knowledge of NIST CSF, CIS Controls, and/or SOC 2 frameworks.
- General technical knowledge including networks, operating systems, cloud security (Azure, SaaS/PaaS/IaaS), endpoint security, web application security (OWASP), network security (IDS/IPS, SIEM, DDoS mitigation, WAF), and penetration testing methodologies.
- Demonstrated experience managing GRC activities including policy governance, vendor risk assessments, audit support, and compliance program coordination.
- Experience facilitating executive-level meetings, tabletop exercises, or security governance forums.
- Ability to identify potential weaknesses through threat modeling and/or risk assessment.
- Ability to create, review, and maintain corporate security documents including policies, procedures, vendor contracts, and data processing agreements.
- Familiarity with cyber insurance control frameworks and audit documentation practices.
- Strong written and verbal communication skills; able to translate technical risk into business-level impact for executive and non-technical audiences.
Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
At Randstad Digital, we welcome people of all abilities and want to ensure that our hiring and interview process meets the needs of all applicants. If you require a reasonable accommodation to make your application or interview experience a great one, please contact
Pay offered to a successful candidate will be based on several factors including the candidate's education, work experience, work location, specific job duties, certifications, etc. In addition, Randstad Digital offers a comprehensive benefits package, including: medical, prescription, dental, vision, AD&D, and life insurance offerings, short-term disability, and a 401K plan (all benefits are based on eligibility).
This posting is open for thirty (30) days.