GRC Analyst

Overview

Hybrid
Depends on Experience
Full Time

Skills

security
compliance
cybersecurity
NIST
risk management

Job Details

Charlotte, NC | GRC Analyst | Full-time

We are actively recruiting a GRC Analyst for our client in Charlotte, NC. This is a hybrid direct placement opportunity that will require being onsite in Charlotte a few times a month. In this position, you will be responsible for identifying, analyzing, and assessing potential cybersecurity risks that may impact the organization's digital assets, infrastructure, and data. You will work closely with IT Security, IT Operations, and other business teams to develop strategies for risk mitigation, conduct risk assessments, and ensure compliance with regulatory and organizational security policies. This role plays a critical part in tracking IT compliance requirements, maintaining the organization's risk management framework and compliance standards, and minimizing cybersecurity risks and threats. This is the perfect role for a proactive and detail-oriented candidate to join our client's IT Security team.

Due to client request, candidates must be eligible to work in the United States without sponsorship.

Responsibilities:

Working knowledge of common information security management frameworks, regulatory requirements, and applicable standards such as: NIST, FARs, ISO, etc.

Develop and implement risk mitigation strategies, including risk transfer, acceptance, avoidance, or remediation.

Support security programs in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings, supporting the IT Audit Plan.

Continuously assess the effectiveness of current security controls and recommend improvements.

Create KPIs and other metrics for different compliance standards.

Collaborate with various business departments to ensure security risks are considered in project planning and daily operations.

Evaluate, scope, and prioritize risks based on potential business impact and likelihood of occurrence.

Be able to scope statutory, regulatory, and contractual compliance requirements to specific entities within the company.

Identify contract and proposal IT requirements and track compliance against them through scoping, metrics, artifact gathering, and POA&M.

Prepare and present detailed risk analysis reports to management and relevant stakeholders.

Ensure that all risk management practices align with applicable regulatory and industry standards.

Assist in developing cybersecurity policies, standards, and procedures to reduce organizational risks.

Assist in gathering evidence for customer security questionnaires.

Assist the Business in preparing for and answering audits and assist internal/external audits where cybersecurity IT inquiry is required, performing cybersecurity analysis with risks evaluation.

Facilitate execution of required testing and auditing activities for the IT Department by internal and external parties.

Make broad recommendations on improving compliance related processes and/or procedures as it pertains to the IT department.

Conduct cybersecurity risk assessments and identify vulnerabilities, threats, and potential impacts to the organization's infrastructure, systems, and data.

Support the Information and Cybersecurity Officer with goals of overall security of the environments.

Assist in cybersecurity auditing of the environment.

Assist in identifying and scoping hardening requirements outside of normal best practices or industry baselines.

Track third party or vendor risk assessments and supply chain risk management.

Participate in the section's on-call rotation to monitor and triage alerts after hours.

Requirements:

Project Management skills

Proficiency in conducting qualitative and quantitative risk assessments.

Excellent written and verbal communication skills, with the ability to present technical findings to non-technical stakeholders.

Ability to work collaboratively with cross-functional teams to address cybersecurity risks and challenges.

Strong analytical and problem-solving skills, with the ability to interpret complex data to make informed decisions.

Ability to work independently, manage multiple projects, and prioritize tasks in a fast-paced environment.

Comfortable working in a hybrid or remote setting.

Willingness to stay current with industry trends, threats, and advancements in cybersecurity through continuous learning.

Strong attention to detail, accuracy, and organizational skills.

Familiarity with regulatory requirements and compliance frameworks such as:

  • NIST (800-171, 800-53, CSF, RMF, AI, PII)
  • ISO 27001, 42001
  • NERC CIP
  • Industry Cyber regulation
  • Federal Cyber regulation
  • International Cyber regulation

Education:

Required: a bachelor's degree with experience in Computer Information Systems, Engineering, or a related field.

One of the preferred certifications:

  • Certified Governance Risk and Compliance (CGRC)
  • Certified Information Systems Security Professional (CISSP)
  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified in Risk and Information Systems Control (CRISC)
  • CompTIA Cybersecurity Analyst (CySA+)

"Equal Opportunity Employer/Veterans/Disabled"
