GRC Analyst

GRC, CISSP, CISA, CISM
Contract W2, Contract Independent, Contract Corp-To-Corp
Depends on Experience
Work from home available

Job Description

Responsibilities:
Management of ISO 27001:2013 and SOC 2 Type 2 certification, information security (InfoSec) risk analytics, governance policy and standards drafting, risk remediation process implementation, NIST 800 compliance and framework management, disaster recovery program management, as well as other GRC subject matter expert duties in support of the Information Security team.
Ability to conduct thorough risk analysis, control identification and audit program development. Demonstrate the ability to multi-task, by clearly documenting the results of testing on more than one audit concurrently.
Effectively communicate audit issues and related recommendations in both technical and non-technical terms to Operational and IT management.
Demonstrate technical knowledge of routine IT systems and processes and continue development of technical and analytical skills to understand more complex technologies. Interpret the associated risks, develop a testing approach, and propose solutions.
Lead the initial root cause analysis process, influence problem-solving efforts, and participate in department-wide CI efforts.
Demonstrates increased technical understanding of data analysis concepts and practices.
Shares knowledge and experience with less experienced team members.
Documentation review; drafting of policy, procedures and standards, certification and accreditation documents
Collaborate with Incident Response, Vulnerability Management and Insider Threat teams to develop risk mitigation strategies from new and emerging risks
Serve as an IS liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions)
Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with position
Interact enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff
Define and deliver EIS GRC metrics, analytics, and scorecards
Requirements:
You should possess industry-specific knowledge regarding security-related regulations and controls, such as ISO 27001, SOC 2, FedRAMP, and NIST 800.
You should have two or more years of IT audit or information technology experience with a focus on information security, risk management, or system development.
Demonstrated ability to evaluate internal controls, execute large portions of an audit independently, analyze and solve complex problems, conduct research, and express ideas clearly, concisely and persuasively both verbally and in writing. Demonstrates a strong understanding of business ethics.
You are proficient in IT audit skills as typically acquired through a Bachelor’s degree in Computer Science, Management Information Systems or a comparable field.
You should be able to work well with people from many different disciplines with varying degrees of technical experience.
You should be able to adapt to a dynamic, rapidly changing business and technical environment, exercise good professional judgment, maintain confidentiality, manage projects through the entirety of the life cycle, and develop security standards and guidelines based on best practices and industry standards.
Tech stack:
Infosec related training or certifications such as CISSP, CISA, or CISM.
GRC automation software, ServiceNow, or other compliance and workflow tools.

Reach

813-568-1938

Posted By

Amar Ahamed

7320 E Fletcher Ave Tampa, FL, 33637

Contact
Dice Id : 90956948
Position Id : 6566311
Originally Posted : 4 months ago