Our client is seeking a new member for their GRC team to join in a long term contract capacity. The position will be onsite initially in Arlington, TX, but can move to a hybrid schedule once familiar with the environment.
Key Responsibilities
- Develop and implement organization wide governance, risk management, and compliance initiatives, integrating them into the overall digital and physical security landscape and aligning them with Arlington’s strategic objectives.
- Establish and maintain policies, procedures, and controls to ensure compliance with regulatory requirements (e.g., CJIS, HIPAA, PCI DSS) and industry best practices. These controls will address information systems, OT environments, IoT security, and data privacy.
- Conduct comprehensive risk assessments for IT and OT systems, third-party technologies, and connected IoT devices to identify vulnerabilities, evaluate risk impact, and develop mitigation strategies.
- Design and implement controls that provide security across all digital platforms, monitor their effectiveness, and identify areas for continuous improvement.
- Engage directly with IT and OT teams, as well as other city departments, to ensure robust technical solutions are in place for protecting systems and data. Assist with evaluating infrastructure security and ensuring alignment with citywide policies.
- Work with departments to advise on security control matters, promote risk awareness, and support initiatives that enhance security and resilience across the city.
- Collaborate with Internal Audit to facilitate independent reviews and assist departments with remediation efforts, ensuring alignment with strategic security goals.
- Track, report, and communicate compliance metrics, trends, and issues to leadership and relevant stakeholders, ensuring all areas of the city’s technology environment are covered.
Job Specifications
- Perform both quantitative and qualitative risk assessments for IT, OT, and IoT environments, as well as third-party technologies.
- Evaluate IT and OT systems, policies, and standards for compliance with regulatory requirements, including CJIS, HIPAA, PCI DSS, and other applicable frameworks.
- Analyze technology and security contracts for adherence to relevant laws and standards, with a focus on protecting information across all digital platforms.
- Maintain a comprehensive repository of technical documentation and evidence for audits, compliance assessments, and incident response.
- Develop and maintain SSPs for various applications and infrastructure, with considerations for OT and IoT environments.
- Assist in managing and completing regular UAR audits to ensure that access controls are up to date and effective.
- Work alongside the Internal Audit team to develop and test IT and OT control objectives.
- Contribute to the development and delivery of training programs that cover all aspects of digital security, from IT and OT to IoT and physical security.
- Create and maintain accurate reports and dashboards that capture the security posture across all technology platforms, ensuring visibility for leadership and stakeholders.
Desired Knowledge, Skills, and Abilities
- Knowledge of security controls and frameworks applicable to IT, OT, IoT, and physical environments, including NIST Cybersecurity Framework, NIST 800 Series, ISO 27001, FBI CJIS Policy, PCI DSS, and Security Control Framework.
- Skilled using GRC software and compliance monitoring tools.
- Ability to problem-solve with a focus on developing effective strategies for a variety of technology environments.
- Ability to present and communicate complex risk information to non-technical stakeholders.
- Ability to collaborate with City departments, divisions, and teams to align business needs with GRC requirements.
- Skilled in managing audits and assessments for cloud and on-premises architectures, including SaaS, IaaS, and PaaS.
- Skilled in leveraging PowerBI or other data analytics tools.
- Skilled in security control design, implementation, and monitoring.
- Skilled in problem-solving and decision-making in security and risk-related scenarios.
- Skilled in facilitation, influence, negotiation, and communication.
Qualifications and Requirements
- Possession of a DOD 8570.01 Level 1 certification, such as CompTIA Security+, is preferred. Other equivalent industry certifications or equivalent combination of education and experience may be considered.
- At least 1-3 years of relevant Information Security or GRC experience.
- Must be able to pass a Criminal Justice name-based and fingerprint criminal history check.