Mission Statement: We seek a highly skilled and
dedicated Cybersecurity GRC Analyst to join our dynamic team. In this role, you
will support the maturation and implementation of robust programs to govern
cybersecurity for our clients. This role is crucial in identifying, assessing,
and providing recommendations for cybersecurity risks and compliance gaps. This
includes identifying and examining potential risks that could threaten our
clients' infrastructure or ability to provide services. Responsibilities
include identifying GRC gaps, developing and presenting various methods to
mitigate findings, and providing recommendations based on analysis. The role
also involves reviewing and drafting security documentation, measuring risks
associated with security controls, and reporting those risks to edgefi clients.
Vision and Growth Opportunities: Our vision is
to empower our clients with cutting-edge technology and innovative solutions to
drive business success. As a Cybersecurity GRC Analyst, you will play a pivotal
role in shaping the future of our clients' security programs. We are also
committed to your professional growth, offering opportunities for continuous
learning, certifications, and career advancement within the company. Your
contributions will be instrumental in advancing our capabilities for our
clients and ensuring we remain a trusted advisor.
Alignment with Company Values: This position
aligns with our core values of integrity, excellence, and collaboration. As a Cybersecurity
GRC Analyst, you will uphold the highest standards of integrity, ensuring that
all solutions and recommendations are in the best interest of our company and
clients. Your pursuit of excellence will drive you to continuously improve our
services and approach. Collaboration is vital in our work environment; you will
work closely with cross-functional teams to deliver seamless service and
contribute to a culture of shared success. Joining a small team means giving
110% to the collective goals and to each team member. Respect and collaboration
are what we strive for. Without each other, we cannot serve our clients in the
best way possible. Projects and security strategies regularly require the
expertise of multiple team members working in tandem to solve an issue.
Together, we will deliver security services to new levels, supporting our
company's mission and vision.
Responsibilities:
·Independently assess standards, maturity, and
guidance for security, compliance, and privacy frameworks.
·Design, schedule, and assign user access reviews,
and verify that they are completed in a timely manner.
·Create process documentation, including
workflows, process maps, & controls.
·Identify and implement new and/or enhanced
privacy practices.
·Conduct business impact analysis (BIA) and privacy
impact assessments (PIA).
·Compile and analyze data to create and deliver
reports that focus on key performance indicators and update those reports, as
needed, for internal and external stakeholders.
·Create and maintain data maps for business
processes and IT systems.
·Provide guidance on privacy matters, including
data handling and breach response protocols.
·Participate in examinations and audits relating
to privacy, risk, and compliance.
·Assist team members with research and other
assigned tasks.
·Perform security reviews and identify security
gaps in security architecture, resulting in recommendations for inclusion into
the risk mitigation strategy.
·Provide plans for defining role and
attribute-based access privileges, control structures, and resources.
·Maintain oversight of third-party risks for our
clients to safeguard against undue risk presented by external entities.
·Explain security controls with clarity to
business and technical users.
·Perform control assessments and communicate
deficiencies to control owners and management.
·Maintain risk registries and responses for
clients.
·Conduct business continuity, disaster recovery,
and incident response tabletops.
·Assist in the design, development, and
remediation of IT general controls.
·Manage exceptions to security policies.
·Participate in maintaining and retrieving
material from departmental systems and files.
·Perform other job-related duties as assigned.
Requirements
Qualifications:
·At least 3 years of focused GRC experience.
·Extensive experience and understanding of one or
more regulatory requirements, laws, and frameworks, including but not limited
to NIST, ISO 27001, PCI DSS, HIPAA, GDPR, and GLBA.
·Knowledge of backup best practices.
·Familiarity with IaaS platforms such as AWS,
Azure, and Google Cloud.
·Experience with privileged access management
strategies, multi-factor authentication, service account management, and
secrets management.
·Fluent in process improvement methodologies.
·A willingness to quickly learn and adapt to client
needs.
·Experience creating and maintaining
cybersecurity policies, standards, and procedures.
·CRISC, CISA, CGEIT, or GRCP are preferred but
not required.
Required skills:
·Interpersonal skills: Excellent communication,
listening, and customer care.
·Ability to function with limited supervision.
·Comfortable communicating on the phone, direct
messaging, and by email.
·Demonstrated knowledge or experience in IT audits.
·Experience with drafting business or
executive-centered briefs, presentations, and reports.
·Multi-tasking, prioritization, and adaptability
are necessary.
·Knowledge of our services and support offered to
each client.
·Understanding support tools, techniques, and how
technology provides IT services.
·Comfortable working in a fast-moving
environment.
·Ability to prioritize a wide range of workloads
with critical deadlines.
·Excellent critical thinking and problem-solving
skills.
·Demonstrated knowledge of operating systems,
networking security concepts, and industry best practices.
·Highly organized and detail-oriented, with
excellent written and verbal communication skills.
·Must be able to work independently and in a team
setting.
·Patient and professional demeanor, with a can-do
attitude.
Educational/Vocational/Previous Experience
Recommendations:
·BA/BS from an accredited college in information
systems, business, or computer science, preferably.
·3+ years of experience in a similar role.
Benefits
Benefits of working at edgefi!
100% health care coverage for employees, paid vacation, paid
holidays, sick time, performance-based bonuses, training, team lunches, coffee,
snacks, and other perks make this a great place to work, learn, and grow.
Work Environment
The position is in an office setting that involves everyday
risks or discomforts requiring standard safety precautions. The position is
subject to occasional overtime.
Only local candidates need apply. (Headquarters located
in Vancouver, WA)
The above statements describe the general nature and
level of work being performed by individuals assigned to this position. They
are not intended to be an exhaustive list of all duties, responsibilities, and
skills required of personnel so classified.