Sr GRC Analyst - hybrid onsite/offsite

  • Santa Ana, CA
  • Posted 5 days ago | Updated 5 hours ago

Overview

On Site
Hybrid
Contract - W2

Skills

Information Security Governance
Information Technology
System On A Chip
ISO 9000
Partnership
Collaboration
Development Management
Information Security
Privacy
Auditing
Documentation
Regulatory Compliance
Leadership
KPI
Mentorship
Reporting
Information Systems
ISACA
CISSP
CISM
CISA
Security+
Certified Ethical Hacker
GSEC
Risk Management
Finance
Professional Services
Cyber Security
Security Operations
Incident Management
Security Engineering
Cloud Security
Artificial Intelligence
Data Security
Configuration Management
Risk Assessment
Test Methods
Software Development
Internal Control
PCI DSS
Gramm-Leach-Bliley Act
ISO/IEC 27001:2005
OWASP
Policies and Procedures
Analytical Skill
Management
FOCUS
Continuous Improvement
Innovation
SAP GRC
Communication

Job Details

The Senior GRC Information Security Analyst role will be part of the Information Security Governance, Risk, & Compliance (GRC) team. The Information Security GRC team is responsible for the overall security posture of by ensuring compliance with applicable regulations and contractual obligations and maintaining effective and efficient governance, risk, and compliance programs. In addition, the Information Security GRC team is directly involved in supporting and enabling Information Technology and Information Security compliance initiatives.

We seek a Senior GRC Information Security Analyst with extensive experience implementing, managing, and maturing compliance programs, including but not limited to SOC2, ISO27xxxx, GLBA, GDPR, and CCPA. The individual must possess a significant level of technical knowledge that allows for clear communication with security and technology stakeholders and the ability to provide actionable guidance and recommendations on processes.
As a member of the Information Security GRC team, this role will be instrumental in supporting the strategy of the GRC program in partnership with senior management.

HOW YOU'LL MAKE A DIFFERENCE
Contribute to the development, management, and ongoing improvement of Information Security risk program, compliance initiatives, and overall security risk posture.
Partner with senior management to design and implement maturity strategies and operations into the Information Security GRC team.
Lead critical control activities with stakeholders across the business, quantifying risk, evaluating mitigations, and driving actions to measurably reduce risk.
Conduct regular risk assessments to identify potential threats and vulnerabilities across the organization analyzing their impact and likelihood of occurrence.
Generate reports on risk assessments, compliance status, and control effectiveness to communicate findings to stakeholders at various levels within the organization.
Establish and contribute to risk and compliance activities with an eye toward continuous controls monitoring automation.
Validate that information security requirements are built into architecture and new technology projects.
Maintain Information Security risk register, report monthly to appropriately address key risk areas.
Conduct technical security posture review for annual vendor monitoring and re-assessment processes for new and existing vendors.
Provide support to the Information Security Incident Response team during cyber/privacy incidents.
Support internal and external audits by providing documentation and supporting evidence of compliance.
Support policies and procedures maintenance aligned with in-scope security frameworks, regulations, and internal standards to manage identified risk effectively.
Prepare detailed reports for senior leadership, including KRI and KPI.
Act as a mentor, advisor, and escalation point for team members and stakeholders.
Treat people with respect; keep commitments; inspire the trust of others; work ethically and with integrity; uphold organizational values; accept responsibility for own actions.
Demonstrates knowledge of and adherence to EEO policy; shows respect and sensitivity for cultural differences; educates others on the value of diversity; promotes working environment free of harassment of any type; builds a diverse workforce and supports affirmative action.
Follows policies and procedures; completes tasks correctly and on time; supports the company's goals and values.
Performs the position safely, without endangering the health or safety of themselves or others, and will be expected to report potentially unsafe conditions. The employee shall comply with occupational safety and health standards and all rules, regulations and orders issued pursuant to the OSHA Act of 1970, which are applicable to one's own actions and conduct.
Performs other duties and projects as assigned.

WHAT YOU'LL BRING
Bachelor's degree in information systems, engineering, business, risk management, or related field; and related certifications (e.g., CRISC, CISSP, CISS, CISM, CISA, Security+, CEH, GSEC).
5+ years of experience in GRC, security, risk management or related fields, particularly in highly regulated industries such as financial, professional services, or government, with expertise in navigating complex regulatory requirements.
High technical knowledge across Cybersecurity domains, including Security Operations, Incident Response, Security Engineering, Cloud Security, Artificial Intelligence (AI), Data Security, Configuration Management, Log Generation, Security Risk Assessments/testing methodologies, Secure Software Development Lifecycle, evaluating the adequacy and efficiency of internal controls.
Expert knowledge of GRC frameworks and regulations (e.g., PCI-DSS, GDPR, CCPA, GLBA, NIST, ISO 27001).
Strong knowledge in OWASP, CIS and/or other security standards and secure configuration baselines.
Experience developing and implementing GRC framework, policies and procedures.
Excellent analytical skills with the ability to assess complex risks and develop effective mitigation security strategies.
Proven ability to lead and manage projects, including coordinating cross-functional teams and delivering results on time.
Ability to adapt to a fast-paced and dynamic environment, with a focus on continuous improvement and innovation.
Ability to work on multiple GRC projects simultaneously.
Excellent communication and interpersonal skills.