Job Description :
IT Governance Risk Analyst
Location: Beaverton, OR
Duration: 1 year
Description:
- As a Senior GRC Standards Analyst, your role on the GRC (Governance, Risk and Compliance) team will include leveraging your knowledge of security policies, standards, controls, and industry best practices (aka Governance Framework) to help all CIS (Corporate Information Security) teams mature their individual organizations.
- Client will be responsible for developing a Governance Framework for assigned CIS teams/security domains and will work closely with assigned teams to understand their current operations and strategies.
- Upon building a strong partnership/knowledge base with your assigned teams, you will then work with them to implement a tailored Governance Framework at operational and strategic levels.
- You will become a critical component for ensuring tight alignment between GRC and assigned CIS teams to ensure each team''s Governance Framework is in alignment with client overall GRC strategy and global policies and standards.
- Last, but not least, you will be an integral part of strategy and roadmap conversations for the future of GRC at client.
Responsibilities:
- Liaise with GRC and other CIS and Technology stakeholders to ensure alignment between all groups.
- Research, develop, and implement security policies, standards, controls, and industry best practices across multiple security domains (e.g. Identity and Access Management, Data Loss Prevention, etc
- Functionally be able to take ambiguous high level language and translate it into real world operations.
- Diplomatically influence teams to implement a Governance Framework showing the value it will be bring and tactfully help adjust existing operations to align with the framework.
- Ability to socialize and influence others to buy into a process oriented approach to their work.
- Ability to gain a deep level of technical and process knowledge across multiple security domains in a short amount of time.
- Ability to think both strategically and tactically to enable a better future state while being grounded in reality.
- Document and assist others in documenting security domain specific policies, standards, controls, control activities, and standard operating procedures.
Skills & Qualifications:
- Bachelor''s Degree in relevant field and minimum of 7 years relevant IT experience
- CISA, CRISC, CISSP, or CISM certifications beneficial
- At least one year of documenting and implementing security policies, standards, and/or controls
- Strong working and technical knowledge of identity and access management and data loss prevention security domains
- Strong ability to translate strategic vision and objectives into real world operations
- Proven ability to think logically and strategically about technical solutions that are efficient, scalable, and re-usable.
- Excellent analytical and problem solving skills.
- Proven ability to identify and develop clear and understandable performance measures from high-level business objectives.
- Strong business acumen to quickly learn new business processes and understand how application performance requirements support the business in achieving revenue and profit goals.
- Excellent collaboration skills – must be eager to work as part of a cohesive team and work as a partner to other teams within client. both at WHQ and globally.
- IT Audit, internal Audit and/or risk advisory experience is a plus.
- Knowledge of IT internal control methodologies such as COBIT, COSO, NIST and/or ISO 27000 along with certifications in information security disciplines, IT auditing or governance are beneficial.
- Experience working as a BSA/Lead on multiple projects and business functions is a plus.
- Comfortable working with ambiguity is a must.
- Exceptional communication skills, including the ability to gather relevant data and information, actively listen, dialogue freely, verbalize ideas effectively, negotiate tense situations successfully, and manage and resolve conflict.
- Proven presentation and facilitation skills.
- Demonstrated expertise of building a consensus across business partners and technology leaders, and influencing successful outcomes.
- Must excel working in team-oriented roles that rely on ability to collaborate with others.
- Experience working successfully in a highly matrixed work environment.
- Passion for the client brand and for an innovative, Just Do It work environment.
Required:
- Application Performance
- Audit
- Auditing
- BSA
- CISA
Additional:
- CISM
- CISSP
- COBIT
- Data Loss Prevention
- Documenting
- Governance
- Information Security
- Internal Audit
- ISO
- ISO 27000
- IT Audit
- IT Auditing
- Loss Prevention
- NIST
- Operations
- Problem Solving
- Security
- Security Policies
- Solutions
- Translate
- Business Systems Analysis
Minimum Degree Required:
- Bachelor''s Degree
Certifications & Licenses:
- CISA
- CISM
- CISSP