GRC - Snr Analyst

Overview

The Cybersecurity Governance, Risk, Compliance (GRC) Senior Analyst position is responsible for managing risks related to information security, privacy, governance, vendor security assurance, policy, and compliance.

Contributes to preserving the high standards of confidentiality, integrity, and availability of EagleView mission-critical information.

Conducts Cybersecurity risk assessments, evaluates controls, and provides feedback to management and process owners on the design and effectiveness of control processes.

Implements and maintains on-going programs and processes to test the design and operational effectiveness of security controls.

Responsible for ensuring IT assurance and compliance related activities are completed in accordance with industry standards and regulatory requirements.

The position reports to the Manager, GRC, and is responsible for executing the key functions of information risk management, security compliance, governance, and information security assurance.

Primary Responsibilities

• In these roles, you are part analyst, engineer, and advisor. You have the ability to ramp up quickly into a solid, productive member of the Security GRC team.
• You are organized and have the ability to innovate and automate as we continually look to improve our processes and tools. You may own process areas, projects, or technologies for governance, risk and compliance purposes.
• You create and maintain relationships with business and technical experts through the company who provide expertise in security requirements and solution management. You are expected to work independently while still asking for help on some areas. You are a bridge builder helping to coordinate and bring together various parts of the organization around a common process through the use of tools, and communications channels.
• Ensure compliance with laws, regulations, and industry standards, and compliance programs (e.g. SOC2, PCI, ISO 27001, NIST 800-X)
• Create processes to support effective risk identification, evaluation, communication, and remediation
• Participate in Risk Management Committee meetings
• Work with risk owners to develop plans of action to reduce or mitigate risks
• Analyzes security controls for effectiveness of design by evaluation of control documentation and process
• Analyzes security controls for operational effectiveness by evaluation of control evidence
• Contribute to corporate information risk management strategy, policies, standards, and tactical plans
• Contributes to a comprehensive internal security audit program that validates existing security controls
• Contribute to the company-wide security awareness program and compliance training
• Coordinate annual enterprise risk assessment and PCI-self assessment activities
• Ensure all systems, processes, and changes are formally documented
• Works closely with internal and external auditors, regulators, and examiners, including coordination and compilation of technology documentation requests, reports, and assurance letters to ensure security compliance
• Maintains the Risk Register and support processes to define and measure risks, then plan risk responses with company leadership
• Ability to work collaboratively with internal and external departments, vendors, and other key stakeholders

Skills / Requirements

Required Knowledge, Skills and Experience :

Preferred Knowledge, Skills and Experience :

Skills Required

Risk Management, It Audit, Iso 27001, SOC2, nist