The Senior Analyst, Cybersecurity GRC will administer the completion of compliance-related client requests to assess security policies and procedures. The Senior Analyst will respond to inquiries on the security controls policy, processes, and procedures implemented for managed systems and applications, as well as support Third Party Risk Management (TPRM) and Governance and Risk functions in conducting vendor due diligence (initial, reassessments and ongoing monitoring) and supporting broader GRC efforts. This position is 100% Onsite and not open for Remote.
Senior Analyst, Cybersecurity GRC Responsibilities:
– Review and understand current IT Risk Management (ITRM) program framework and associated policies, standards, procedures, and processes.
– Prepare and respond to related compliance requests and web-shares including referencing evidentiary artifacts or other documentation.
– Complete external information security assessments, remediation efforts and support status tracking of assessment queues.
– Coordinate with external assessors and internal subject matter experts to address compliance inquiries and web-shares of security artifacts.
– Assist in further defining the process for completing information security control assessments.
– Support metrics and reporting of the Information Security Program through the collection and analysis of effectiveness security control measures.
– Develop understanding of control structure to support the creating or revising standard narratives/responses for client questionnaires (e.g., SIG).
– Work with the CISO, senior managers, managers and other internal stakeholders to report existing information security programs and ongoing security projects that address information security risks and compliance requirements.
– Manage competing deadlines and multiple external inquiries using effective organizational skills and attention to detail as demonstrated by prior work experience.
– Contribute to the creation of GRC related processes and procedures and relevant documents.
– Collaborate with InfoSec, Privacy and GRC management and internal subject matter experts to support coordination, tracking, and reporting of GRC team strategy and goals; and complete other tasks as assigned.
– Participate in efforts to evolve and streamline GRC solutions, processes and procedures.
– Develop and maintain the status tracking related to findings from information security assessments, Governance, Risk and Compliance, and TPRM due diligence/reassessment assessments and associated remediations.
Senior Analyst, Cybersecurity GRC Qualifications:
– Bachelor’s degree (required) and at least 5 years of combined information technology and information security experience.
– Strong understanding of multiple risk management concepts, frameworks, and standards (CSC, NIST, ISO, COBIT).
– Strong understanding of information security concepts and technologies.
– Strong understanding of due diligence and compliance documents (e.g. SOC 2 Type 2, ISO 27001 Certification, SIG Questionnaires, Certificates of Insurance, Pen Test, etc.).
– Strong communication skills with the ability to interact with various teams.
– Demonstrated experience with the NIST Cybersecurity Framework and auditing security controls identified in NIST SP800-171 and NIST SP800-53A.
– Experience in the analysis of IT and Security control requirements and understanding of associated technology processes.
– Experience working with internal and external auditing firms.
– Fundamental knowledge of MS Outlook, Word, Excel, Visio, and PowerPoint.
Benefits include medical insurance, retirement plan, Dental, Vision, PTO, etc.
Keywords: Washington DC Jobs, Senior Analyst, Cybersecurity GRC, Information Security, Risk Management, CSC, ISO, COBIT, NIST Cybersecurity Framework, NIST SP800-171, NIST SP800-53A, SOC 2 Type 2, ISO 27001 Certification, SIG Questionnaires, Certificates of Insurance, Pen Test, Governance, Risk, Compliance, Washington, DC Recruiters, Information Technology Jobs, IT Jobs, Washington, DC Recruiting
We help companies that are looking to hire Senior Analysts, Cybersecurity GRC for jobs in Washington, DC and in other cities too. Please contact our IT recruiting agency and IT staffing companies today! Phone 630-428-0600 ext. 12 or email us at gina@ginastechjobs.com . Click here to submit your resume for this job and others.
|
QUESTIONNAIRE-3-511441 Employee Type Regular If you are a CURRENT Carters employee, you MUST apply through the Internal Career Link within the My Career & Performance app in Workday. Do not apply using the below external application. Carters, Inc. is the...
...PRN Adult SUD Nurse Practitioner (PMHNP or Dual Licensed PMHNP/FNP) for Residential Treatment. Recently named an Inc. 5000 Fastest Growing company, Integrated Psychiatric Consultants (IPC) is looking to add more high-quality Nurse Practitioners to our team....
At Aspen Home Improvements, we're not just a company; we're a family committed to transforming houses into dream homes. We're specialists in windows, doors, siding, and roofing, and we're on the hunt for enthusiastic and energetic individuals to join our team as Door to...
...Empire Roofing specializes in a comprehensive selection of roofing services tailored to meet the needs of commercial, industrial... ...Confer with engineers, architects, owners, contractors and subcontractors on changes and adjustments to cost estimates Prepare estimates...
...responsible for ensuring all the hazards at each job site have been repaired or marked for replace.Compensation:Technicians are paid... ...-Clean Shaven-Be Able to Lift 50 lbsAbout Us:Precision Concrete Cutting is the leader in uneven sidewalk repair and trip hazard...