drjobs Cyber Security - Governance Risk Compliance GRC Analyst

Cyber Security - Governance Risk Compliance GRC Analyst

Employer Active

drjobs

Job Alert

You will be updated with latest job alerts via email
Valid email field required
Send jobs
Send me jobs like this
drjobs

Job Alert

You will be updated with latest job alerts via email

Valid email field required
Send jobs
Job Location drjobs

Alexander City - USA

Salary drjobs

Not Disclosed

drjobs

Salary Not Disclosed

Job Description

The management assessment and mitigation of risks are fundamental components of our information assurance and cyber security program. This position leads the IT security risk and audit program for information systems security using generally accepted standards and frameworks for IT audit and risk management (e.g. NIST ISO PCI and ISACA). The position is responsible for the development and implementation of the IT security risk and audit strategy that perform information systems and business process risk assessments and evaluate the effectiveness of technical physical and administrative controls to identify control weakness. This individual will interface with the Security Operations IT Operations and various business units to:

Perform PCI ISO COBIT and applicable State of Florida cybersecurity controlsrelated reviews to ensure that current new and technology infrastructure complies with these standards and Departments security policies.

Plan and perform IT security controls effectiveness quarterly reviews. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls.

Maintain IT security risk and compliance matrix and performs management reporting. This will include IT systems controls and business process risks to meet compliance requirements. Provide risk mitigation strategies.

Maintain Third Party Risk Management Program (TPRM) and analyze SOC2 and other reporting including mapping to key IT security and compliance controls such as NIST PCI and COBIT.

Manage IT security vulnerabilities management program aligned with PCI and NIST standards.

Identifying and ranking the value sensitivity and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important.

For the most critical and sensitive assets and operations estimating the potential losses or damage that could occur if a threat materializes including recovery costs.

Identifying costeffective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as the design of technical or physical controls.

Coordinating tracking and verifying remediation of audit findings.

Documenting the results and developing a plan of action and milestones for mitigating any identified risk.

Produce formal audit reports based on ISACA Audit Standards.

Promotes compliance with regulatory requirements (e.g. PCI DSS) and IT best practices.

GRC Risk Analyst Skills & Requirements:

710 years of IT Audit experience (CISA certified preferred)

3 years of IT Risk Management lifecycle experience

3 years of handson technical experience (e.g. developer system administrator)

Experience working with NIST 80030 Risk Assessment Standard

Extensive experience with IT General Controls evaluation and design

Advanced skill level in business process mapping and documentation as well as policy and procedure development

Recent experience in Information Security with uptodate knowledge of the current threat landscape.

Solid understanding of PCI DSS standards

Education and Certifications:

Bachelors Degree in Computer Science Information Systems Business Administration or other related field and/or equivalent work experience.

CISA and CISSP certifications (preferred).

Employment Type

Full Time

Company Industry

About Company

Report This Job
Disclaimer: Drjobpro.com is only a platform that connects job seekers and employers. Applicants are advised to conduct their own independent research into the credentials of the prospective employer.We always make certain that our clients do not endorse any request for money payments, thus we advise against sharing any personal or bank-related information with any third party. If you suspect fraud or malpractice, please contact us via contact us page.