Senior GRC Analyst

What You'll Do

• Review the current documents to identify and prioritize the requirements for revisions.
• Create new security policies, standards, and responsibility models to clearly define the organization's security practices and responsibilities.
• Assess, deploy, and manage the GRC tool to streamline the GRC processes.
• Establish and oversee the policy and standards attestation process involving all stakeholders.
• Establish and oversee the process for policy and standards exceptions.
• Develop and oversee a Cybersecurity Awareness Training program.
• Facilitate document development and revision through meetings and workshops with SMEs, and secure consensus from their leadership.
• Develop questionnaires to evaluate the compliance of existing cybersecurity policies and standards and identify gaps in the organization’s Cybersecurity Risk Register.
• Oversee the management of cybersecurity controls and framework implementation, along with continuous maintenance.
• Develop and maintain an inventory of cybersecurity controls aligned with industry standards (e.g., NIST, SOC2, ISO 27001, CIS) and regulatory requirements (e.g., GDPR, CCPA, and SOX).

What You'll Need

• Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or a related field.  
• 5+ years of experience in information technology or information security, including over 3 years of experience authoring security policies, standards, and procedures. 
• A strong understanding of cybersecurity controls, risk mitigation strategies, and their application for data protection and privacy compliance. 
• Security and compliance certifications, such as CISSP, CISA, CISM, CGEIT, or CRISC, are preferred.
• Prior experience leading the evaluation, implementation, and administration of a GRC tool is highly preferred.


Technical Knowledge 
The candidates MUST possess a solid working knowledge of: 
• Identity and access management and governance concepts and technologies, such as Microsoft Entra, Active Directory, PAM, etc. 
• Vulnerability management platforms such as Rapid7 and Wiz. 
• IT asset management, Configuration Management Databases (CMDB), and network asset discovery tools.  
• Control frameworks and objectives (e.g., NIST CSF, NIST RMF, PCI-DSS, SOX, SOC 2, GDPR, CCPA, etc.). 
• Operating systems, databases, and middleware components. 
• Performing compliance and risk assessments. 
• Management of IT and security projects.  
• Jira, Slack, and Office 365 tools (including Word, Excel, SharePoint, OneDrive, Teams, and PowerPoint). 


Work Environment Characteristics 
• Self-motivated and results-oriented, with the ability to prioritize conflicting tasks. 
• Exceptional organizational skills for balancing work and leading projects. 
• Strong verbal and written communication skills.  
• The candidate must build consensus, collaborate, and establish strong relationships with various internal and external stakeholders (business, development, security, auditors, legal, etc.). 
• Ability to adapt and apply information to new situations and technologies.
Business Wire will not sponsor a new applicant for employment authorization for this position.
#LI-DNI


What We Offer
The base salary range for this position is $155K to $165K/year.  Offered salary will be determined by several factors, including but not limited to: applicant’s education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data.  Business Wire reserves the right to modify this salary range at any time.


Business Wire’s total rewards include:
• Ability to work remotely
• Excellent health benefits that begin on your first day of employment
• $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
• 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
• PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!