Responsibilities
The governance, risk and compliance (GRC) security analyst is a highly respected, influential and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company's security posture. The GRC security analyst is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires an understanding of both legacy systems and new technologies and requirements. The GRC security analyst is also responsible for the planning and design of policies and maintenance.
The ideal candidate is technical and possesses at least five years of experience in security, compliance, and risk management. The role oversees the business's security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). In tandem with security leadership, the GRC security analyst consistently assesses and validates the assurance of security programs. As a primary point of contact for internal and external auditors, the GRC security analyst monitors the progress and enforcement of remediation for issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC security analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance.