Overview
We are seeking a highly skilled and motivated Security Analyst with experience in Governance, Risk, and Compliance (GRC) tools to join our IT Security team. The ideal candidate will have a strong background in risk analysis and a thorough understanding of the NIST Cybersecurity Framework. This role involves ensuring the security and compliance of our IT systems and processes, identifying and mitigating risks, and working closely with various stakeholders to enhance our security posture.
Key Responsibilities
GRC Tool Management
Utilize and manage GRC tools to track and report on compliance, risk, and governance activities.
Develop and maintain GRC tool configurations and workflows to support security and compliance processes.
Risk Analysis And Management
Conduct thorough risk assessments and analysis of IT systems and processes.
Identify, evaluate, and prioritize security risks and vulnerabilities.
Develop and implement risk mitigation strategies and action plans.
Monitor and report on risk status and trends to senior management.
Compliance And Governance
Ensure compliance with relevant regulatory requirements and industry standards.
Develop, implement, and maintain security policies, procedures, and standards in line with the NIST Cybersecurity Framework.
Conduct regular security audits and assessments to ensure adherence to policies and standards.
Provide guidance and support to other departments on compliance and governance matters.
Security Monitoring And Incident Response
Monitor security alerts and events, and perform initial triage and investigation.
Coordinate and manage incident response activities, including documentation and reporting.
Participate in post-incident reviews and contribute to continuous improvement of incident response processes.
Collaboration And Communication
Work closely with IT, legal, and business teams to ensure alignment of security and compliance efforts with business objectives.
Communicate security risks, policies, and procedures to stakeholders at all levels.
Provide training and awareness programs to enhance the organization's security culture.
Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field.
3+ years of experience in a security analyst role with a focus on GRC tools and risk analysis.
Proficiency with GRC tools such as RSA Archer, MetricStream, or similar.
Strong understanding of the NIST Cybersecurity Framework and other relevant standards (e.g., ISO 27001, PCI-DSS).
Experience conducting risk assessments and developing risk mitigation strategies.
Excellent analytical, problem-solving, and decision-making skills.
Strong communication and interpersonal skills, with the ability to effectively communicate complex security concepts to non-technical stakeholders.
Relevant certifications such as CISSP, CISM, or CRISC are a plus.
Preferred Skills
Experience with security information and event management (SIEM) tools.
Knowledge of cloud security best practices and technologies.
Familiarity with regulatory requirements such as GDPR, HIPAA, and SOX.
Experience in conducting security audits and assessments.