Senior Information Security Analyst (GRC)

Senior Information Security Analyst (GRC)

Location: Chicago, IL.

What you get to do: As a Senior GRC Analyst, you will play a vital role in shaping and maintaining the information security and risk management framework of our organization.

Your comprehensive responsibilities will include:

Information Security & Risk Management: Oversee the processes and tools related to information security and risk management. You will also manage IT due diligence requests and ensure compliance with our policies, procedures, and regulatory demands.

Risk Management Leadership: Serve as the primary coordinator for security risk management activities, including the analysis, quantification, and tracking of information security risks, plus the review and documentation of risk exception requests.

Cybersecurity Education: Champion initiatives to educate and promote cybersecurity awareness across the enterprise, cultivating a strong security culture.

Policy and Compliance Analysis: Identify emerging compliance requirements and assess their impact on our policies. Develop and refresh our policies, procedures, standards, and guidelines to stay compliant and aligned with industry best practices.

Third-Party Cyber Risk Management: Develop and manage a framework to assess and mitigate risks associated with third-party vendors and service providers, ensuring they adhere to our cybersecurity standards and contribute to our overall security posture.

Best Practices Implementation: Apply your expertise in information security best practices to ensure robust IT controls are in place, meeting external audit and client expectations.

Governance Visibility: Design and maintain dynamic dashboards or scorecards that offer clear insights into Information Security Governance activities, demonstrating our commitment to security and compliance.

Support and Collaboration: Perform additional duties as assigned by management, supporting the broader goals of our IT and security departments.

What you will bring to the team MUST SKILLS

Strong in security and control frameworks, such as FFIEC, NIST, COBIT, ITIL, ISO control framework

Background in Information Security, IT Risk Management, IT Audit

8+ years of experience supporting Information Technology compliance programs to meet regulatory or compliance requirements

Proven experience in proactively identifying potential IT control risks, issues and opportunities through analytical thinking and offering sustainable recommendations that address root cause rather than symptoms

Strong understanding of information security standards, best practices for securing computer systems within applicable laws and regulations

Experience with Governance Risk & Compliance (GRC) tools and policy/procedure development

Experience working in a highly regulated industry (financial services or health care) desired