GTN is looking for FedRAMP GRC Analysts to work on projects for the next six (6) months. These are 100% remote positions, but you will primarily be working Central Time Zone hours.
The Governance, Risk, Compliance (GRC) Analyst will assist in implementing policies, procedures, and standards to govern the protection of corporate information systems, networks, data, and 3rd party services. The analyst will stay up to date on the latest cybersecurity intelligence while managing privacy workflows to ensure the company meets regulatory compliance.
What You’ll Do:
· Assist in the implementation of the Cybersecurity GRC program using industry standard frameworks that align to regulatory requirements and business objectives.
· Perform risk analysis for systems, processes, third-party tools/applications, and configurations.
· Assist in improving security posture through process, policy, automation, and the continuous advancement of capabilities.
· Document business ownership and responsibilities of the controls using the company’s GRC tool.
· Schedule and perform regular assessments (internal and external) to test effectiveness of controls.
· Investigate (internal and external) information security risk and exceptions assessments.
· Assist in managing Payment Card Industry Data Security Standards (PCI DSS) audits.
· Manage security training and phishing campaigns to mitigate social engineering attacks.
· Monitor security incident management program to ensure effectiveness.
· Assess incidents, vulnerability/patching status, secure baselines, and penetration test results.
· Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities.
Who You Are:
· 2–8 years’ experience in GRC programs (e.g., Third-Party Risk Management, Risk Profile, Privacy Data Mapping, PCI DSS).
· Understanding of IT policies, laws, standards, and frameworks applicable to the specific technical role, e.g., PCI DSS, ISO 27001/2, SOC reports, and NIST CSF.
· Experience maintaining corporate policies.
· Experience testing or auditing technical controls.
· Critical thinker and creative problem solver with a strong desire to learn.
· Strong oral and written communication skills.