|Date Posted||June 20, 2020|
Ref ID: 04130-0011476111
Classification: Data Security Analyst
Compensation: $85000.00 to $100000.00 yearly
The IT Governance, Risk, and Compliance (GRC) Analyst will be responsible for the corporate-wide IT GRC program. This person will work closely with Information Technology, Enterprise Risk Management (ERM), Legal, HR and Procurement to ensure the "appropriate" IT controls are in place to minimize risk and ensure compliance with Information Security Policy, Standards and Controls, NIST and CIS Security Standards, Data Privacy regulations and the Payment Card Industry – Data Security Standards (PCI-DSS).
This position is expected to be a subject matter expert in the area of assessing Information Technology and Cybersecurity risk, identifying emerging cybersecurity threats and applying different cyber security control frameworks and standards throughout the organization, particularly related to National Institute of Standards & Technology (NIST), CIS Critical Security Controls, and Payment Card Industry Data Security Standards (PCI DSS).
This person will also be responsible for the vulnerability, vendor and risk management programs, including leading the risk-based change management program, and liaise with internal / external auditors to ensure audits lead to a successful outcome, and be responsible for the Security Exception/Risk Acceptance process. The position will also manage, maintain and administer the Information Security Awareness Training program.
• 5+ of Third Party information security, risk management, or Audit experience
• Experience with GRC tools and automation to support Risk assessment
• Experience in process improvement and re-engineering, business requirements gathering and process flowcharts
• Strong understanding of audit/risk management methodologies and regulatory requirements pertaining to information security, privacy and/or data security
• Demonstrate working knowledge of industry standards (ISO, COBIT, COSO, ITIL)
• Experience working in large corporate environments involving multiple businesses
• A Bachelor’s Degree in Management Information Systems or Computer Science
• CTPRA, CTPRP, CCSP, CISA, CRISC, or CISSP (or equivalent) required