- Contribute to the creation and maintenance of cybersecurity control statements, policies, standards, and guidelines.
- Ensure policies are up-to-date and align with industry best practices and frameworks.
- Communicate policy changes and updates to relevant stakeholders.
- Assist in the development of security awareness training programs and materials.
- Assist with the planning and execution of cybersecurity awareness events and communication campaigns.
- Organize and deliver training sessions to teammates on security best practices.
- Monitor and report on the effectiveness of security awareness initiatives.
- Assist with the collection, analysis, and presentation of cybersecurity program performance metrics and key risk indicators (KRIs).
- Conduct regular assessments of technology-related risks within applications, platforms, and processes.
- Identify risks and assist in the development of mitigation strategies and risk management plans.
- Provide policy, risk, and compliance input on the design of required security measures.
- Serve as a second line of defense to ensure appropriate design and operating effectiveness of PCI DSS and SOX controls.
- Collaborate with cross-functional teams to implement necessary controls.
- Maintain compliance documentation and reporting.
- 1-3 years of experience in cybersecurity, GRC, or technology audit
- Some working knowledge and experience with cybersecurity controls frameworks such as the NIST CSF is preferred
- Previous experience with cybersecurity policy lifecycle, control statements, standards, and guidelines is preferred
- Some knowledge of PCI-DSS and SOX technology control requirements
- Some knowledge of security awareness techniques and processes
- Effective communication skills that can be adjusted to relevant audiences
- Analytical and problem-solving skills
- Ability to work effectively in a team and remote work environment
- Bachelor's in Cybersecurity, MIS, Computer Science, or related field is preferred but not required
GRC Analyst II - Coraopolis, United States - DICK'S Sporting Goods
Description
At DICK'S Sporting Goods, we believe in how positively sports can change lives. On our team, everyone plays a critical role in creating confidence and excitement by personally equipping all athletes to achieve their dreams. We are committed to creating an inclusive and diverse workforce, reflecting the communities we serve.
If you are ready to make a difference as part of the world's greatest sports team, apply to join our team today.
OVERVIEW:
We are seeking a highly motivated GRC Analyst II to help us maintain a robust cybersecurity governance, risk, and compliance program. The ideal candidate will play a pivotal role in reducing cybersecurity risk and maintaining technology compliance while enabling the business to serve our athletes and teammates. This position is ideal for candidates who are looking to further their career in the cybersecurity field.
Policy/Standard/Control Statement Development and Maintenance:
Security Awareness Training:
Technology Risk Assessment:
PCI and SOX Compliance:
QUALIFICATIONS:
Targeted Pay Range: $67,100 - $109,000. This is part of a competitive total rewards package that could include other components such as: incentive, equity and benefits. Individual pay is determined by a number of factors including experience, location, internal pay equity, and other relevant business considerations. We review all teammate pay regularly to ensure competitive and equitable pay. We also offer a generous suite of benefits. To learn more, visit