Senior CyberSecurity

Position

Senior Cyber Security GRC Analyst (San Jose, CA)

• Governance & Compliance Leadership
  • Develop and manage the overarching Compliance Program to ensure alignment with industry standards (e.g., SOC2, NIST 800-171, ISO 27001, NIST 800-53).
  • Partner with IT Security Operations to ensure security controls are properly designed, implemented, and operating effectively.
  • Lead the end‑to‑end cybersecurity audit process (internal and external), including the preparation of response documentation and the execution of remediation plans.
  • Develop and distribute high‑level information security reports and compliance dashboards to key stakeholders.
• Risk Management & Assessment
  • Lead comprehensive cybersecurity risk assessments across the enterprise, identifying vulnerabilities and recommending prioritized mitigation strategies.
  • Develop and maintain the Corporate Risk Register, tracking risk acceptance, treatment plans, and residual risk.
  • Perform quantitative and qualitative risk analysis to inform executive decision‑making and resource allocation.
• Identity & Access Governance
  • Oversee and collaborate with stakeholders to execute quarterly user access reviews (UAR) and monthly user activity monitoring.
  • Ensure timely completion, technical accuracy, and rigorous documentation of all access reviews to meet audit requirements.
  • Analyze access trends and 'over-privileged' accounts to recommend least privilege improvements and role‑based access control (RBAC) refinements.
• Third-Party Risk Management (TPRM)
  • Own and maintain third‑party risk management evaluation practices, ensuring vendors are vetted against corporate security standards to mitigate supply‑chain risk.
• Policy & Process Engineering
  • Author, maintain, and update information security policies and standard operating procedures (SOPs) to ensure alignment with evolving industry standards.
  • Manage and govern change management processes to ensure security stability and compliance during technical transitions.

• Minimum 10 years of experience managing cybersecurity compliance programs from inception to completion.
• Hands‑on experience with SOC 2 and a deep understanding of IT technical security controls.
• Framework Proficiency – Expert knowledge of industry‑standard programs (e.g., ISO 27001, CIS v8.1, NIST 800-53, NIST 800-171, CMMC, FedRAMP).
• Analytical Skills – Strong analytical thinking with the ability to prioritize complex tasks within a fast‑paced, evolving environment.
• Security Knowledge – A strong foundation in IT security concepts with a heavy emphasis on security risk assessment.
• Certifications – Relevant professional certifications such as CISSP, CISM, or CISA.

• W2 contract position; not eligible for C2C or W2 referral candidates.