Ref ID: 04030-0011763723
Classification: Data Security Analyst
Compensation: $80000.00 to $115000.00 yearly
The GRC Security Analyst will support the requirements of three programs:
▪ Governance – ensuring appropriate decision-making structures and processes are in place, and managing the creation and maintenance of governance documents (e.g. policies, standards, procedures) for the Information Technology and Security teams.
▪ Risk Management – identifying, analyzing, and facilitating decision-making and action on risks; ensuring alignment with ERM processes and the organizational risk appetite.
▪ Compliance – identifying the organization's mandatory and voluntary requirements, translating them into IT/S controls, facilitating implementation of those requirements, and performing regular control assurance exercises.
Manage and execute projects to ensure the design of controls is aligned to compliance/regulatory requirements, including improving existing compliance/regulatory processes and controls.
• Assist in and lead the execution of compliance programs around privacy and security frameworks.
• Work closely with control owners and stakeholders to gather required documents and address questions.
• Perform and lead compliance assessments and data security governance reviews of internal applications and products, as well as service providers, using established IT risk assessment frameworks and assessment programs.
• Prepare and present assessment findings to cross-functional teams such as product, engineering, security, sourcing, legal, and compliance.
• Lead an operating rhythm to report key metrics, including the status of assessments and issue management.
• Develop IT/S policies, standards, and procedures and work through the process to get them reviewed, approved, and published. Lead training and awareness sessions to explain the requirements to others.
• Identify organizational and regulatory requirements and draft the IT/S controls required to meet them.
• Participate in other security and audit compliance efforts.
• Regularly communicate project status, compliance results and issues to control owners, stakeholders and management.
• Interact with multiple cross-functional teams to educate, train and address questions related to processes, policies, controls and risk mitigation.
• Consider and promote continuous improvement in the respective processes, controls and compliance certifications.
• Stay current with, and apply, industry standards and best practices to drive improvements in overall security posture.
• Learn, understand, utilize and administer our GRC platform.
• Support timely remediation of regulatory and audit findings and recommendations.
• Support vendor due diligence to define third-party risk management efforts.
• Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks.
• Maintain strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
• Analyze findings, and document, recommend and report program gaps to security leadership.
• Monitor current and proposed changes to regulatory, privacy and security industry best-practice guidance.
EDUCATION, CERTIFICATIONS, AND TRAINING:
• Bachelor’s degree in computer science, information assurance, MIS or a related field, or equivalent industry experience.
• Must hold, or be working toward, one or more of the following compliance, risk management, or governance certifications: CRISC, CISM, CGEIT or CISA.
SKILLS AND BACKGROUND:
• 10+ years of progressive experience in IT information security required.
• 5+ years’ experience in GRC or cybersecurity as a practitioner, with at least 2+ years’ exposure to various security frameworks.
• Strong business acumen and a proven ability to align with security practices and compliance responsibilities.
• Experience with and understanding of various regulatory requirements and laws, including but not limited to FFIEC, NCUA, PCI, SOX, HIPAA, GDPR and GLBA. Additional experience in one or more of the following: ISO 27001/2, ITIL or NIST.
• Exceptional written and verbal communication skills, and a proven ability to translate security and risk to all levels of the business.
• Capacity to understand legacy and progressive technology and security controls, along with their respective risks.
• Working knowledge of technologies such as cloud computing, DevOps and application security is required.
• Up-to-date understanding of a wide range of incident response, system configuration, vulnerability management and hardening guidelines.
• Track record of acting with integrity, being inquisitive and adaptable, and communicating effectively.
• Preferred: experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure.
• Prior experience with leading GRC systems from vendors such as RSA, MetricStream, IBM and TruOps.
• Demonstrated problem-solving capabilities, and the ability to manage complex local and international security requirements.
• Self-motivated and well-organized, with the vision to position controls in anticipation of threats.
• Successful track record of managing external entities’ contracts and relationships, and mitigating risks to business development opportunities.
• Familiarity with state, federal and international privacy laws.
Robert Half Technology matches IT professionals with remote or on-site jobs on a temporary, project or full-time basis. From roles in software and applications to IT infrastructure and operations, we provide you unparalleled access to exciting career opportunities.
Our experienced staffing professionals can promote you to employers and advocate on your behalf. We provide access to top jobs, competitive compensation and benefits, and free online training. For more opportunities, get the Robert Half app and receive instant notifications when our AI matches you with jobs.
When you work with us, you’re working with the best. Robert Half has been recognized as one of FORTUNE’s “Most Admired Companies” every year since 1998 and was named to Forbes’ inaugural list of America’s Best Temporary Staffing Firms.
Questions? Call your local office at 1.888.490.4429. All applicants applying for U.S. job openings must be authorized to work in the United States. Benefits are available to temporary professionals. Visit [ Link removed ] to apply to the GRC Security Analyst role or for more information.
© 2020 Robert Half Technology. An Equal Opportunity Employer. M/F/Disability/Veterans. By clicking “Apply Now,” you’re agreeing to Robert Half’s Terms of Use (www.roberthalf.com/terms-of-use).
Recommended Skills
Iso/Iec 27001
Governance
Information Security
Sarbanes Oxley Act (Sox) Compliance
Certified In Risk And Information Systems Control
Certified In The Governance Of Enterprise It