Job Description:
Title: Sr. GRC Analyst (Senior Governance, Risk and Compliance Analyst)

Work Location: Raleigh, NC

Duration: 6+ months


Work Authorization: No OPTs or H-1B transfers


Job description


Senior Governance, Risk and Compliance Analyst


The Senior Governance, Risk and Compliance (GRC) Analyst position is technical and analytical in nature and calls for a fast learner with a history of technical and business experience. The ideal candidate will have strong organizational skills and the ability to manage a diverse workload in a fast-paced environment. Responsibilities may include ISO 27001:2013 certification management, information security (InfoSec) risk analytics, governance policy and standards drafting, risk remediation process implementation, NIST 800 compliance and framework management, disaster recovery program management, as well as other GRC subject matter expert duties in support of the Enterprise Information Security (EIS) team. This role requires the ability to apply InfoSec risk management principles while partnering with diverse teams to provide guidance to business stakeholders across the different functional areas of the enterprise.

Duties and Responsibilities

Documentation review; drafting of policies, procedures and standards, and certification and accreditation documents

Monitor compliance for regulatory requirements such as DFARS/NIST 800-171, NIST 800-53, NIST Cybersecurity Framework, ITAR, and other Federal regulations, including any new regulatory initiatives applicable to the business (e.g. GDPR)

Perform InfoSec risk and control assessments, report on risks and recommend mitigation strategies

Document and monitor InfoSec remediation and control improvements

Collaborate with the Incident Response, Vulnerability Management and Insider Threat teams to develop risk mitigation strategies for new and emerging risks

Build awareness and accountability around IT governance, risk, and compliance control functions

Articulate InfoSec risk into business terms while engaging with stakeholders

Serve as an EIS liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions)

Maintain the supplier risk management process to identify and mitigate the risk of third-party relationships

Develop and maintain disaster recovery management plans for critical IT applications and liaise with the business continuity analysts in support of the corporate resiliency program

Manage various projects, including effective project tracking, issue handling, and follow-up

Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with the position

Interact enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff

Define and deliver appropriate EIS GRC metrics, analytics, and scorecards

Organize and lead EIS GRC-related meetings, and prepare meeting agendas and minutes

Be team-oriented and promote execution and change through influence


Minimum Qualifications


Bachelor's degree in business, accounting, finance, computer science, information systems, engineering, or a related field required; graduate degree in a security domain highly preferred.

At least four (4) years of specific experience with methodologies, activities, tools and enablers in a technology-related industry that track to the roles and responsibilities listed, and seven (7) to ten (10) years of total experience in business process analysis, project methodology and domain leadership required.

Possess industry-specific knowledge of security-related regulations and controls, such as Sarbanes-Oxley, Gramm-Leach-Bliley (GLB), data privacy, ISO 27001, FedRAMP, and NIST 800, as well as technical approach and best-practice advice for practitioners.

Excellent written and verbal communication skills.

Strong analytical and problem-solving skills.

Ability to work both independently and as part of a team to deliver quality work product in a timely fashion in a fast-paced environment.

Ability to multi-task and prioritize tasks.

Ability to work well with people from many different disciplines with varying degrees of technical experience.

Ability to adapt to a dynamic, rapidly changing business and technical environment.

Ability to exercise good professional judgment.

Ability to maintain confidentiality.

Ability to oversee all aspects of projects and manage projects through the entirety of the life cycle.

Ability to develop security standards and guidelines based on best practices and industry standards.

Preferred Qualifications

InfoSec-related training or certifications such as CISSP, CISA, CRISC, CISM, or GIAC.

Experience performing information security audits or risk assessments.

Experience with security auditing processes.

Experience with GRC automation software, ServiceNow, or other compliance and workflow tools.