Senior GRC Analyst

Information Security - Info Sec Woodland Hills, California


Description

Responsibilities: 

  • Contribute to the ongoing development of the Information Security GRC activities, strategy, and roadmap.
  • Assist with operating IT Risk Assessment, Vendor Management, and Risk Management programs.
  • Evaluate effectiveness and perform internal testing of security controls.
  • Support internal and external audits.
  • Collect and maintain evidence of compliance with information security policies and regulatory requirements.
  • Coordinate written responses from customers and prospects on Information Security controls and regulatory compliance.
  • Review and update information security policies, procedures, standards, and other InfoSec documentation.
  • Assist in maintaining Information Security documentation repository.
  • Support vendor due diligence, security assessments and review processes.
  • Collaborate across the organization on documenting, implementing, monitoring and managing Information Security controls.
  • Promote security awareness and cultivate employees’ adherence to information security best practices.
  • Support business projects and perform other duties as assigned.

Qualifications:

  • 5 years of full-time work experience in IT audit or IT risk management. Experience in leading security assessments, IT vendor risk assessments, and InfoSec control management.
  • Basic understanding of technical aspects of information security.
  • Working knowledge of common IT technologies and processes.
  • Understanding of common Information Security and Information Technology frameworks and standards, such as ITIL, COBIT, NIST, SOC-2 Type II, and ISO27000 series.
  • Thorough understanding of risk management principles and methodologies.
  • Ability to transform abstract regulatory requirements into cohesive compliance actions.
  • Good communication skills including ability to present technical subjects to non-technical audiences.
  • Strong work ethic, attention to detail, and organizational skills.
  • Ability to multi-task and manage priorities in a fast-paced environment.
  • Ability to collaborate in a team setting and moderate conversations involving cross-functional groups.
  • Conceptual understanding of software development methodologies.
  • Proficient with the Microsoft Office suite; presentation development skills.
  • Working knowledge of PII, PHI, financial data regulations, data residency requirements, and international regulatory aspects pertaining to sensitive information.
  • General knowledge of tools and services commonly employed within InfoSec is a plus.
  • Experience with application security, SaaS, or cloud security is a plus.
  • CISSP, CISA, or a similar risk management, audit, or security certification.