Job Details

ID #6213063
State North Carolina
City Raleigh / Durham / CH
Job type Contract
Salary USD Depends on Experience
Source WB Solutions LLC
Shown 2020-11-29
Date 2020-11-28
Deadline 2021-01-27
Category Etcetera

GRC Analyst

North Carolina, Raleigh / Durham / CH, 27601 Raleigh / Durham / CH USA

Vacancy expired!

Job Description:

Responsibilities: Management of ISO 27001:2013 and SOC2 Type 2 certification, information security (InfoSec) risk analytics, governance policy and standards drafting, risk remediation process implementation, NIST 800 compliance and framework management, disaster recovery program management, as well as other GRC subject matter expert duties in support of the Information Security team. Conduct thorough risk analysis, control identification and audit program development. Demonstrate the ability to multi-task by clearly documenting the results of testing on more than one audit concurrently. Effectively communicate audit issues and related recommendations in both technical and non-technical terms to Operational and IT management. Demonstrate technical knowledge of routine IT systems and processes, and continue developing technical and analytical skills to understand more complex technologies. Interpret the associated risks, develop a testing approach, and propose solutions. Lead the initial root cause analysis process, influence problem-solving efforts, and participate in department-wide CI efforts. Demonstrate increased technical understanding of data analysis concepts and practices. Share knowledge and experience with less experienced team members.
Review documentation and draft policy, procedures and standards, and certification and accreditation documents. Collaborate with the Incident Response, Vulnerability Management and Insider Threat teams to develop risk mitigation strategies for new and emerging risks. Serve as an IS liaison to business units and third parties to create and/or provide feedback on items assigned to or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions). Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with the position. Interact enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff. Define and deliver EIS GRC metrics, analytics, and scorecards.

Requirements: You should possess industry-specific knowledge of security-related regulations and controls, such as ISO 27001, SOC2, FedRAMP, and NIST 800. You should have two or more years of IT Audit or information technology experience with a focus on information security, risk management, or system development. Demonstrated ability to evaluate internal controls, execute large portions of an audit independently, analyze and solve complex problems, conduct research, and express ideas clearly, concisely and persuasively both verbally and in writing. Demonstrates a strong understanding of business ethics. You are proficient in IT Audit skills as typically acquired through a Bachelor’s degree in Computer Science, Management Information Systems or a comparable field. You should be able to work well with people from many different disciplines with varying degrees of technical experience. You should be able to adapt to a dynamic, rapidly changing business and technical environment, exercise good professional judgment, maintain confidentiality, manage projects through the entirety of the life cycle, and develop security standards and guidelines based on best practices and industry standards.

Tech stack: InfoSec-related training or certifications such as CISSP, CISA, or CISM. GRC automation software, ServiceNow, or other compliance and workflow tools. Reach: 813-568-1938

