Information Security Governance, Risk and Compliance Analyst
Listed on 2026-02-17
IT/Tech
Cybersecurity, Information Security, IT Consultant, Data Security
The Role
We're looking for an Information Security Governance, Risk & Compliance Analyst to join our growing Information Security team.
This role will be reporting to the Manager of Information Security Governance, Risk & Compliance.
Our security team works to create a strong Information Security function within GTI that enables the business to continue its tremendous growth. The Information Security Governance, Risk & Compliance Analyst is responsible for maintaining continuous compliance with security policies, industry laws, and regulations (HIPAA, SOX, NIST, etc.). The candidate must communicate effectively with business partners and team members to help raise the level of security awareness, security compliance, and security risk.
The candidate will perform environment-specific risk assessments factoring in both qualitative and quantitative risks and assist with the deployment of various controls based on those assessments.
This role will also involve ongoing monitoring and improvement of security governance, ensuring a proactive approach to risk management.
The role is based out of our Chicago, office. While the role is primarily remote, you need to live in the Chicagoland area and commute to the office on an as needed basis.
Responsibilities
- Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments, providing reporting to stakeholders, and ensuring appropriate action is taken.
- Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks.
- Provide guidance to newer staff working with internal IT stakeholders for vulnerability management, ensuring vulnerabilities are remediated in accordance with policy and SLAs.
- Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations (HIPAA, SOX/ITGC), and security frameworks (NIST, MITRE, etc.).
- Assist with ongoing internal operations and tasks, including ITGC security reviews.
- Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI's business.
- Provide updates and insight during the development and maintenance of Information Security policies, standards and procedures, aligning with NIST.
- Lead the identification of security training and awareness initiatives for the organization.
- Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises.
- Maintain KPIs and KRIs for Information Security risk & compliance activities.
- Execute tasks as a member of the Information Security team as assigned by management.
- Provide mentorship and guidance to Associate Information Security GRC Analysts.
- Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness.
- Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting.
- 3+ years of experience with responsibilities relating to security and compliance.
- Bachelor's degree or higher in Information Security or Information Technology may help you stand out but is not required. Demonstrated work experience can be substituted.
- Strong written and oral communication skills.
- Strong conceptual understanding of Information Security theories.
- Knowledge of network, application, and cloud security controls.
- Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS and SOX.
- Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks.
- Security certifications, such as CRISC, CISA are preferred, but not required.
- We're doing some big things, and we'll find some roadblocks along the way, big and small. A big part of this role is keeping an even keel and finding the route through or around the obstacles.
- This role requires lots of communication with customers and everyone r colleagues will rely on your ability to translate security requirements into digestible bits of information for them. Customers will expect you to quickly articulate components of the GTI security program to help them assess risk, including as part of the business development process.
- An insatiable intellectual curiosity and the ability to learn quickly in a complex space.
- Must pass any and all required background checks
- Must be and remain compliant with all legal or company regulations for working in the industry
- Must be a minimum of 21 years of age
The pay range is competitive and based on experience, qualifications, and/or location of the role. Positions may be eligible for a discretionary annual incentive program driven by organization and individual performance.
Green Thumb Pay Range
$80, USD