Senior Cyber GRC Analyst
This role reports to the VP, Information Security and performs internal audits, risk assessments and third-party vendors reviews to ensure compliance to company security policies. Responsible for supporting the business in fulfilling security information requests associated with Proposals (RFP), questionnaires, sales questions, third party risk assessments and audits. Reviews customer and prospect contracts and provides suggested alternatives regarding client requested contractual security requirements. Collaborates with Sales, Legal, Customer Success and Engineering to build and maintain an in-depth understanding of each areas environment and security controls to ensure timely and accurate responses to security information requests. Determines what information can be shared with customers and external parties at different phases of the client relationship to provide assurance with the Security Program, without compromising the IT Security posture of the organization.
Internal Audit, Compliance and Risk Assessments
- Conduct scheduled internal audits as per prescribed Cybersecurity Frameworks
- Prepare and lead Cybersecurity Framework audits driving compliance
- Perform risk assessments related to infrastructure, platforms and applications as per risk management framework
- Configure and implement tools to manage, monitor and escalate internal risks
Customer security risk assessments
- Review and edit security questionnaires and RFPs as well as fielding questions detailing security capabilities.
- Lead prospect, customer and third-party security meetings reinforcing the businesses security and compliance program.
- Hands-on iterative review of security/compliance aspects of new and renewed customer contracts.
- Provides suggestions and contract redlines regarding what security terms we can accept from clients.
Third Party Risk Management
- Lead vendor and third-party risk management process
- Knowledge in auditing security frameworks that may include ISO 27001, SOC 2 and HITRUST.
- Contract Management, Information Technology, IT Risk, IT Audit, InfoSec or similar experience required.
- Excellent attention to detail required and strong issues spotting, drafting and communication skills required.
- Must be client service focused with ability to successfully partner with internal stakeholders.
- Must be able to multi-task and independently manage workflow / priorities and solve problems within company guidelines.
- Knowledgeable in security best practices (ISO 27001, SOC 2, HIPAA, etc.)
- Knowledgeable of privacy best practices (Privacy Shield, GDFR, Safe Harbor, etc.)
- Familiarity with systems and tools including: IDS/IPS, HIDS, SIEM, AV, vulnerability assessments, etc.
- CISSP, CISM/CISA, CRISC or other industry InfoSec certification a plus
Robust. Agile. Collaborative. And you should see our software. Bringing the transformative power of the cloud to the compliance and ethics industry, Convercent's award-winning SaaS solution empowers our customers to be more effective and efficient in managing their compliance efforts and mitigating risk. With an inclination towards innovation, Convercent is helping our customers raise the standard--and expectations--for how companies safeguard their financial and reputational health.
Convercent is an equal opportunity employer and all qualified applicants will be considered for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, veteran or disability status.