Security Risk Analyst

Overview

GRC Analyst role s role reports to the Senior Director, Governance Risk & Compliance and will assist in the management of corporate compliance and risk management, third-party vendor management, and operational monitoring to ensure that Information Security policies and procedures are implemented and well documented, and that compliance issues are identified with remediation plans formalized in a timely fashion.

• Independently evaluates and analyzes issues or recommendations for improvements in processes to mitigate risks and bring programs and operations into compliance with the goals and objectives of the Corporate Compliance Program, and communicates results to management and key stakeholders.
• Lead development and execution of internal Information Security risk identification and assessment program, including risk assessments, internal project security reviews, coordination of risk treatment activities, and communication of assessment results.
• Serve as company representative with clients and partners, responding to security questionnaires and managing audits.
• Review and improve the risk assessment methodology, process, and procedures.
• Assist in developing and administering ongoing IT compliance monitoring and governance activities.
• Advise internal business clients on the effectiveness of corrective action plans in case of non-compliance or detected vulnerabilities.
• Contribute to project requests from functional teams to increase operational efficiency and meet regulatory or compliance requirements.
• Perform ad-hoc compliance requests or additional duties as assigned.

• BS, BA in Information Technology, Computer Science or related fields; certifications such as CISSP, CISA, CISM, CRISC, CPP(ASIS), ISO 27001 Lead Auditor, or similar.
• Experience conducting internal risk assessment workshops and guiding functional teams in implementing, monitoring, and reporting risk treatment measures to enforce policies and controls.
• Extensive information security regulatory compliance experience (ISO 27001, PCI DSS, SOC 2, EI3PA, HIPAA, or similar).
• Experience interpreting industry and regulatory requirements and authoring supporting controls.
• Experience performing third-party assurance assessments;
  Audit Board experience for risk assessments and compliance management is a plus.
• Excellent client relationship and customer service skills, with a clear client focus; strong project management and communication skills.
• High degree of independence and a solution-oriented mindset; familiarity with core IT and information security technologies.

Hire Right offers a competitive salary, permanent contract, and a comprehensive benefits package. From day one you will receive a training plan to onboard quickly.

• Medical
• Dental
• Vision
• Paid Life/AD&D Insurance
• Voluntary Life Insurance
• Short & Long Term Disability
• Flexible Spending Accounts
• 401K
• Generous Vacation and Sick Program
• 10 Paid Holidays
• Education Assistance Program
• Business Casual Attire
• Generous Referral Program
• Employee Discounts and Rewards

All resumes are held in confidence. Only candidates whose profiles closely match requirements will be contacted during this search. Hire Right does not sponsor visas or accept unsolicited resumes from search firms or staffing agencies.

Note: Please submit resume/CV in English.

Mid-Senior level

Full-time

Business Development and Sales

Human Resources Services