May 22, 2019

Senior GRC Analyst---Raleigh, NC

Hello, 
 
Hope you are doing well. I had a chance to review your profile and wanted to discuss a long-term position with our client, a major systems integrator. Please go through the JD below and let me know if you would be interested in exploring the opportunity.

Job Title: Senior GRC Analyst

Location: Raleigh, NC

Duration: 6-12 months

Client: HCLA

Senior Governance, Risk and Compliance Analyst

 

The Senior Governance, Risk and Compliance (GRC) Analyst position is technical and analytical in nature and calls for a fast learner with a history of technical and business experience. The ideal candidate will have strong organizational skills and the ability to manage a diverse workload in a fast-paced environment. Responsibilities may include ISO 27001:2013 certification management, information security (InfoSec) risk analytics, governance policy and standards drafting, risk remediation process implementation, NIST 800 compliance and framework management, disaster recovery program management, as well as other GRC subject-matter-expert duties in support of the Enterprise Information Security (EIS) team. This role requires the ability to apply InfoSec risk management principles and to partner with diverse teams to provide guidance to business stakeholders across the different functional business areas of the enterprise.

Duties and Responsibilities

  • Documentation review; drafting of policy, procedures and standards, certification and accreditation documents
  • Monitor compliance for regulatory requirements such as DFARS/NIST 800-171, NIST 800-53, NIST Cybersecurity Framework, ITAR, and other Federal regulations, including any new regulatory initiatives applicable to the business (e.g. GDPR)
  • Perform InfoSec risk and control assessments and report on risks and recommend mitigation strategies
  • Document and monitor InfoSec remediation and control improvements
  • Collaborate with Incident Response, Vulnerability Management and Insider Threat teams to develop risk mitigation strategies from new and emerging risks
  • Build awareness and accountability around IT governance, risk, and compliance control functions
  • Articulate InfoSec risk into business terms while engaging with stakeholders
  • Serve as an EIS liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions)
  • Maintain the supplier risk management process to identify and mitigate the risk of third-party relationships
  • Develop and maintain disaster recovery management plans for critical IT applications and liaise with the business continuity analysts in support of the corporate resiliency program
  • Manage various projects, including effective project tracking, issue handling, and follow up
  • Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with position
  • Interact enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff
  • Define and deliver appropriate EIS GRC metrics, analytics, and scorecards
  • Organize and lead EIS GRC related meetings and prepare meeting agendas and minutes
  • Be team-oriented and promote execution and change through influence


Minimum Qualifications

  • Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field required; graduate degree in a security domain highly preferred.
  • At least four (4) years of specific experience with methodologies, activities, tools and enablers in a technology related industry that track to the roles and responsibilities listed and seven (7) – ten (10) years of total experience in business process analysis, project methodology and domain leadership required.
  • Possess industry-specific knowledge regarding security-related regulations and controls, such as Sarbanes-Oxley, Gramm-Leach-Bliley (GLB), data privacy, ISO 27001, FedRAMP, and NIST 800, as well as technical approach and best-practice advice for practitioners
  • Excellent written and verbal communication skills.
  • Strong analytical and problem-solving skills.
  • Ability to work both independently and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment.
  • Ability to multi-task and prioritize tasks.
  • Ability to work well with people from many different disciplines with varying degrees of technical experience.
  • Ability to adapt to a dynamic, rapidly changing business and technical environment.
  • Ability to exercise good professional judgment.
  • Ability to maintain confidentiality.
  • Ability to oversee all aspects of projects and manage projects through the entirety of the life cycle
  • Ability to develop security standards and guidelines based on best practices and industry standards

Preferred Qualifications

  • InfoSec related training or certifications such as CISSP, CISA, CRISC, CISM, or GIAC
  • Experience performing information security audits or risk assessments
  • Experience with security auditing processes
  • Experience with GRC automation software, ServiceNow, or other compliance and workflow tools

Regards,

Ajay Bhakuni

Team Lead

ASK Staffing Inc. | Global Delivery Center

Direct: +1 415-728-9001

Email: ajayb@askstaffing.com

Web: www.askstaffing.com