
    Senior GRC Analyst - Washington, United States - TalentRemedy

    TalentRemedy Washington, United States

    5 days ago

    Description

    The GRC team facilitates the Information Security and data governance processes, enables risk-based decision-making, and delivers a compliance foundation to achieve and maintain compliance certifications. In this role, the Sr. GRC Analyst will help evolve, mature, and grow our GRC program.


    Responsibilities:

    • Drive internal control effectiveness through internal control monitoring, enhancements, and providing thought leadership on control design, operations, and supporting processes and policies.
    • Keep abreast of regulatory and industry developments and advise leadership on the potential impact on the program strategy and plans.
    • Perform security compliance readiness assessments and provide updates, recommendations, and roadmap to senior management.
    • Advise, educate, and train process and control owners on the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures) to help them better understand the security controls framework and their responsibilities.
    • Recommend, develop, and manage the information security risk register, including the definition and reporting on key risk indicators (KRIs) and key performance indicators (KPIs).
    • Work closely with Information security team members to identify, manage, and monitor risks and their associated remediation activities related to incidents, vulnerabilities, patching anomalies, penetration testing deficiencies, phishing campaigns, security architecture review exceptions, and security posture ratings.
    • Define, develop, and implement capabilities to manage third-party cybersecurity risks.
    • Manage review, testing, and improvements to business continuity plans.
    • Maintain the policy repository and support effective policy communication.
    • Proactively identify gaps or conflicts in existing policies and processes and work to develop solutions with internal business partners.
    • Advise policy owners on the preparation, communication, and ongoing maintenance of policies to help them better understand policy management and their responsibilities.
    • Assist in designing, implementing, training, and standardizing security controls for processing, storing, and transmitting sensitive data.
    • Advise data owners on the data classification, labeling, retention, and deletion requirements to help them better understand data governance and their responsibilities.
    • Drive remediation and risk mitigation activities, including root cause analysis, and owning the design, tracking, and progress of action plans across security compliance, policy, or process gap remediation activities and risk mitigation activities in partnership with internal business partners.
    • Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to our Security Management and business partners.

    Skills:

    • Advanced understanding of security concepts and practical usage.
    • Advanced experience in policy and data management.
    • Strong understanding of risk management, business resiliency, business continuity, and disaster recovery for a SaaS/cloud-native organization.
    • Strong understanding and practical experience working with, among others, the NIST cyber framework and HITRUST.
    • Familiarity with Governance Risk Compliance (GRC) tools.

    Experience:

    • 4+ years of experience in cyber security, technology risk, GRC, and/or technical compliance roles.
    • Experience preferably in technology or SaaS/Cloud.
    • Functional knowledge of key security domains: security and risk management, asset security, security architecture and engineering, network security, identity and access management, security operations and software development security.
    • Proven security experience in an audit or advisory capacity preferred.

    Education:

    • Bachelor's degree or equivalent work experience with at least 5 years of Risk Assurance/Compliance and/or Information Security experience required.
    • CRISC, CISSP, CPA, CISA, PMP, CISM certification(s) preferred.
