Information Security Analyst (GRC)

  • Mount Laurel Township, NJ
  • Posted 2 hours ago | Updated moments ago

Overview

On Site
Contract - W2
Contract - 6+ Month(s)

Skills

Risk
NIST
Governance
Information Security Analyst (GRC)
and Compliance

Job Details

Role: Information Security Analyst (GRC)

Term: 6 months - extension/conversion possible

Location: Hybrid, Mt. Laurel NJ / North Carolina / Ft. Lauderdale FL (2 days a week in office required, moving to 4 days a week as of Nov 3rd)

Job Description:

Ideal Candidate:

The manager needs a senior GRC (Governance, Risk, and Compliance) professional with a background in IT or banking. This hire will be responsible for assessing the security of the bank's most critical assets.

The ideal candidate must have:

  • Experience with technology risk and compliance.
  • Strong knowledge of industry standards like NIST.
  • Excellent communication skills to "socialize" and translate risk findings to both technical and non-technical stakeholders.

SUMMARY OF DAY TO DAY RESPONSIBILITIES:
Drive cyber assessments, verifying that controls are in place across applications. Identify the Bank's assets that are most critical to protect from an operational and data perspective. Run and analyze reports across findings and applications to understand criticality and risk. Evaluate risk to determine critical areas in the bank, including reviewing areas of the bank where we may be carrying risk and evaluating how to limit that risk.
Assess applications through an interview and reporting process to identify their criticality and whether they are compliant with control requirements. Socialize the takeaways from that assessment process and continue to monitor for compliance and improvements.

Knowledge of asset classification; completion of BIAs would be a nice-to-have, as a way to understand what applications provide to the business of a bank and how critical they are to operations.
Knowledge of technology guidelines and/or industry standards. Experience with NIST, being able to read NIST requirements and determine whether they are being met.
Socialization of project enhancements and/or role changes, etc. I wouldn't call it project management; it is more change management and really just means organization/communication skills.



MUST HAVE:

1.) Technology banking or Governance, Risk, or Compliance
2.) Knowledge of asset classification
3.) Knowledge of technology guidelines and/or industry standards
4.) Socialization of project enhancements and/or role changes etc.


NICE TO HAVE

1.) Certifications (CISSP, CISA, Security+, etc.)
2.) Understanding impacts of loss in cyber events
3.) Experience with Business Continuity and Disaster Recovery
