We have an exciting opening for a fast-paced, entrepreneurial individual who has a focus on process and lean work methodology. The Information Security Team, specifically the Governance, Risk, and Compliance Team, is seeking a colleague to join our team to perform a variety of Governance, Risk, and Compliance activities. The GRC Analyst is a permanent position based in Glenview, IL. Salary plus bonus. You’ll be working for an 18-billion-dollar international firm.
The GRC team handles a wide range of cross-functional activities, from security compliance certifications and audits, to risk management, vendor reviews, inbound due diligence, security education, policy and procedures, and more.
Each of these ongoing parallel activities entails interpreting and setting requirements, assessing the effectiveness of security controls, risk-based decision making, cross-functional collaboration and communication, and staying up-to-date on security best practices and how changes in the evolving threat landscape need to inform our strategy.
A successful candidate for this role is someone who is detail-oriented, data-driven, and experienced in policy writing: someone who can manage competing priorities and translate regulatory requirements into solid and secure processes.
Additionally, you will oversee the execution of IT SOX controls, serve as a point-of-contact to our audit partners, and work with control owners to ensure design and operational effectiveness.
As a Sr. Compliance Analyst, you will:
- Review, update and author policies that adhere to industry best practice and meet compliance concerns (e.g. ISO, SOX, PCI, GDPR, Cyber Essentials Plus, Cloud Security Alliance, etc.)
- Conduct internal assessments for security risk and compliance
- Assist in determining whether gaps in security design or controls exist and provide recommendations for remediation or mitigating controls
- Develop and report on security metrics
- Deliver security awareness training and phishing campaigns to enable a security aware organization
- Work with Audit to support necessary external assessments of the organization, such as IT’s adherence to SOX or Security’s maturity
- Maintain a working knowledge of applicable compliance drivers (SOX, PCI, GDPR, CCPA, CMMC, etc.), keep abreast of developing regulatory changes, and assist in providing guidance to assess new requirements.
Required skills and experience for this role:
- Bachelor's Degree
- 7+ years’ experience in information security, compliance, internal audit or similar role
- Solid understanding of implementations of identity and access control, change management, vulnerability management, patch management, data loss prevention, SDLC, cloud technology, vendor management, business continuity, and disaster recovery
- Experience with and understanding of various privacy regulations (e.g. CCPA, GDPR, etc.) and information security management frameworks (e.g. NIST CSF, ISO 27001, CMMC, etc.)
- Experience performing security assessments
- Excellent written and verbal communication skills
- Strong multi-tasking skills and ability to juggle multiple projects
- A self-starter with a high level of initiative, attention to detail and ability to work independently and effectively under minimal supervision
- Ability to learn quickly and willingness to take ownership of new projects
- Ability to research and learn new regulations, compliance frameworks and information security technologies
- Experience delivering security awareness training
- Proven track record of cross-functional collaboration to remediate gaps, implement policies and procedures, assure external parties, and build security culture while keeping business needs top of mind
- Experience authoring information security policies, standards, and procedures
- CISSP, CISA or similar certification(s)
- Solid documentation skills - process maps, requirements documents, Visio diagrams, etc.