Security GRC Analyst

Security GRC Analyst

Location: Remote

Duration: 12 months

Role Description:

• Conduct Application Risk Assessments to evaluate compliance to Policy and identify risks related to application access control
• Develop compliance strategies and providing compliance consultation and risk assessment services to several areas of business within the company.
• Develop and implement remediation strategies to mitigate risks associated with the
• Confidentiality Availability and Integrity of data
• Validation of controls implemented by application teams to mitigate identified access control related risks
• Provide regular status updates to the Project Owner and the IPO Leadership informing of the effectiveness of data security controls and offering recommendations for the adoption of new procedures standards and /or policies
• Provide strategic and tactical direction and consultation on Information Security and IT
• Compliance to Business areas
• Develop risk management strategies that align with business goals and protect the confidentiality integrity and availability of information systems and data.
• Identify and communicate recommended security and business continuity controls and control deficiencies to business units.
• Define identify and classify information assets assess threats and vulnerabilities regarding those assets as well as recommend appropriate information security controls and measures
• Qualified candidates will be responsible to meet milestones of the plan throughout the engagement.
• This role entails moderate to high levels of risk accountability and responsibility for the mitigation of risk the companys confidential data.
• Experience in security with a proficiency in a risk management framework with the ability to assess administrative and technical controls.
• Information security information technology IT controls assessment or technology risk management related work experience.

Addl Notes/Details:

• The Security GRC Analyst develops and implements policies controls and procedures to protect information system assets from intentional or inadvertent modification disclosure or destruction.
• Provides guidance and direction for the protection of information systems and assets to other business units.
• Proactively assesses third parties that client works with to ensure the confidentiality and security of data.
• Monitors the effectiveness of data security measures and provides support on information security issues systems processes products and services.
• Identifies elements to support strategic security objectives across the enterprise and actively promotes security awareness.

Risk Assessments,risk management framework