This position serves as a Governance, Risk, and Compliance (GRC) Analyst in support of the efficient and effective operation of the client’s information security management system. The role works closely with all levels of the organization to ensure the satisfaction of compliance obligations, the identification of risks and control gaps that affect the organization’s security posture, and the implementation of remediation plans and programs to ensure continuous alignment with control objectives. Collaboration with technical departments, including Technical Operations, Software Engineering, IT, and Infrastructure Support, is essential for success in this role.
Develop, implement, and maintain information security governance artifacts such as policy, standards, and procedures to manage, support, and improve the organization’s information security management system
Develop reporting metrics, dashboards, and evidence artifacts to convey organizational security posture and risk to all organizational levels
Develop and deliver information security training and awareness artifacts to develop and maintain a security-aware organizational culture
Perform information security risk assessments, document control deficiencies, and develop recommendations for improvement
Implement and continuously monitor information security risks by maintaining an information security risk register
Support the vendor due-diligence process and assist in the definition and operation of the third-party risk management process
Participate in business continuity and disaster recovery program development and implementation, including periodic business impact analysis
Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test results, phishing, and social engineering tests and attacks.
Participate in the incident response process by documenting incidents, performing root cause analysis, developing and implementing control improvements, and recommending revisions to incident response plans and playbooks
Support identification and remediation of vulnerabilities and results of penetration tests by developing plans, monitoring patching requirements, and reporting on deficiencies
Professional experience in Information Security with a focus on protecting companies through building a security program, security governance documentation, and engineering systems to be robust and resistant to attack.
Familiarity with common security frameworks and regulations such as SOX, HIPAA/HITECH, PCI-DSS, GDPR, NIST 800 series, FedRAMP, ITIL, ISO 27001/2, COBIT, and SOC 2.
Familiarity with risk assessment techniques and risk management program documentation.
Familiarity with approaches to assessing and managing third-party risk.
Clear understanding of emerging information security trends, including changes in security frameworks and regulatory requirements.
Flexibility to accommodate changing schedules of client and project needs and willingness to work extended hours when needed.
Ability to write clear and concise information security policies, standards, and processes.
Excellent interpersonal skills and communication skills.
Strong technology-driven background with experience working on high-performance teams.
Strategic thinker with the ability to provide creative input to the product roadmap. Ability to deliver quick results without compromising quality.
Comfortable working independently, meeting tight deadlines, and adapting to and managing multiple tasks simultaneously.
Knowledge of risk assessment and management methodologies.
Knowledge of cyber and cloud security-specific architectures, controls, and infrastructures.
Familiarity with information technology systems and processes, network infrastructures, data architecture, data processes, and governance methodologies.
Familiarity with third-party risk management.
Experience performing or participating in information security audits or risk assessments.
Ability to develop and communicate governance artifacts such as policies, standards, and procedures
The company is an equal opportunity employer and will consider all applications without regard to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information, or any characteristic protected by law.
Internal Number: 5541
OpenArc is a technology consulting firm providing industry-leading technical talent placement, software development, and technology strategy services to clients nationwide. Through a unique blending of people and software, OpenArc has a business practice that delivers amazing enterprise, mobile and consumer-facing apps and the best talent for contract, contract-to-hire and direct placements for clients and partners alike.
Staffed with the most trusted recruiting experts, elite software developers, UI/UX designers, and market experts, our team provides clients with the best resources, the right techniques, and world-class support, resulting in powerful, measurable success.