- Drive internal control effectiveness through internal control monitoring, enhancements, and providing thought leadership on control design, operations, and supporting processes and policies.
- Keep abreast of regulatory and industry developments and advise leadership on the potential impact on the program strategy and plans.
- Perform security compliance readiness assessments and provide updates, recommendations, and roadmap to senior management.
- Advise, educate, and train process and control owners on the preparation and ongoing maintenance of controls and control documentation (e.g., policies, procedures) to help them better understand the security controls framework and their responsibilities.
- Recommend, develop, and manage the information security risk register, including the definition and reporting on key risk indicators (KRIs) and key performance indicators (KPIs).
- Work closely with information security team members to identify, manage, and monitor risks and their associated remediation activities related to incidents, vulnerabilities, patching anomalies, penetration testing deficiencies, phishing campaigns, security architecture review exceptions, and security posture ratings.
- Define, develop, and implement capabilities to manage third-party cybersecurity risks.
- Manage review, testing, and improvements to business continuity plans.
- Maintain the policy repository and support effective policy communication.
- Proactively identify gaps or conflicts in existing policies and processes and work to develop solutions with internal business partners.
- Advise policy owners on the preparation, communication, and ongoing maintenance of policies to help them better understand policy management and their responsibilities.
- Assist in designing, implementing, training, and standardizing security controls for processing, storing, and transmitting sensitive data.
- Advise data owners on the data classification, labeling, retention, and deletion requirements to help them better understand data governance and their responsibilities.
- Drive remediation and risk mitigation activities, including root cause analysis, and owning the design, tracking, and progress of action plans across security compliance, policy, or process gap remediation activities and risk mitigation activities in partnership with internal business partners.
- Effectively communicate program and project execution status, program health and effectiveness, key accomplishments, and risks to our Security Management and business partners.
- Advanced understanding of security concepts and practical usage.
- Advanced experience in policy and data management.
- Strong understanding of risk management, business resiliency, business continuity, and disaster recovery for a SaaS/cloud-native organization.
- Strong understanding of, and practical experience working with, frameworks including, among others, the NIST Cybersecurity Framework and HITRUST.
- Familiarity with Governance Risk Compliance (GRC) tools.
- 4+ years of experience in cyber security, technology risk, GRC, and/or technical compliance roles.
- Experience preferably in technology or SaaS/Cloud.
- Functional knowledge of key security domains: security and risk management, asset security, security architecture and engineering, network security, identity and access management, security operations and software development security.
- Proven security experience in an audit or advisory capacity preferred.
- Bachelor's degree or equivalent work experience with at least 5 years of Risk Assurance/Compliance and/or Information Security experience required.
- CRISC, CISSP, CPA, CISA, PMP, CISM certification(s) preferred.
Senior GRC Analyst - Washington, United States - TalentRemedy
Description
The GRC team facilitates the Information Security and data governance processes, enables risk-based decision-making, and delivers a compliance foundation to achieve and maintain compliance certifications. In this role, the Sr. GRC Analyst will help evolve, mature, and grow our GRC program.
Responsibilities:
Skills:
Experience:
Education: