Information Security Analyst (GRC)
CareerCircle
Posted Wednesday, August 14, 2024
Job Description
Working in the IT Security Office, the Information Security Analyst (GRC) will be responsible for day-to-day information technology (IT) governance, risk management, and compliance (GRC) functions. The candidate will be experienced in or knowledgeable about a broad range of security, risk, and compliance subject areas. The candidate will help define, create, and manage IT policies and standards in support of legal and regulatory compliance needs with an initial focus on performing a wide range of security assessments. The position will be a team member in a fast-paced, growing environment focusing on assessment, protection, detection, response, and recovery. It requires the ability to switch between a range of tasks as needs arise and exercise sound problem-solving skills. The candidate must be able to develop and present information, ideas, and instructions with minimal oversight and exhibit strong written and verbal communications skills.
• Familiarity with business continuity and disaster recovery frameworks, principles, and best practices
• Familiarity with risk assessment and management frameworks, principles, and best practices (NIST CSF, 800-171…)
• Experience with policy management and necessary standards (GLBA, HIPAA, FERPA, PCI-DSS)
• Strong analytical, evaluative, and problem-solving abilities and exceptional customer service orientation
• Demonstrated ability to communicate effectively, orally and in writing, with non-technical and technical audiences
• Exceptional business and technical writing capabilities
Additional Skills & Qualifications
Preferred
• Risk Management Certification
• GRC Certification
• CISSP