|Date Posted||January 17, 2018|
Information Security/GRC Analyst
- The Information Security/GRC Analyst is responsible for the assessing and documenting compliance and risk posture as they relate to information assets.
- The successful candidate will work with solution managers, business clients, application development, and/or infrastructure teams to integrate security best practices into the solution delivery process to prevent or remediate significant risks to the business.
- He/she will identify and document business risks and coordinate remediation of vulnerabilities and threats using risk assessment methodologies and processes including analyzing output from infrastructure, database, or web application vulnerability assessments, and developing spreadsheets, diagrams, textual documents and reports as requested.
- The successful candidate will have a demeanor of maturity and professionalism that promotes trust and respect for the Information Security team and those with whom the team interacts.
- He/she will be trusted to work in sensitive situations and/or with sensitive information and keep a high degree of confidentiality.
Duties and Responsibilities
- Recommend programmatic and technical directions and operate with a high degree of independence in matters relating to the investigation, impact, and analysis of security incidents, decisions regarding risk, and measures for computer and network security.
- Champion the development and implementation of the system-wide risk management function of the information security program to ensure information security risks are identified and monitored.
- Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.
- Interacts in both oral and written communications with all levels of the organization including but not limited to; IT staff, business owners and or consultants, executive leadership, general counsel, auditors, and other regulatory audiences.
- Coordinate and track all information technology and security related audits including scope of audits, timelines, auditing agencies and outcomes.
- Work with auditors as appropriate to keep audit focus in scope, maintain excellent relationships with audit entities and provide remediation plans as needed.
- Must be able to assess computer hardware, software, and systems for security risks or violations and work with IT staff and technology vendors to recommend solutions.
- Develop strategies to address awareness and training for all stakeholders as well as technical solutions.
- Must be able to assess the status of complex projects as well as identify and implement appropriate corrective measures to resolve issues as they arise.
- Must have a strong customer service orientation and the ability to project that attitude to customers in remote locations.