Job Description
A high-tech commercial bank is looking for an Operational Cybersecurity Risk Analyst. This Analyst will play a vital part in supporting the Cybersecurity organization and be responsible for working through exception management requests. They will most likely receive 3-5 requests a day through ServiceNow and focus on reviewing them against the 20 different policies to ensure that the request is applicable within the section. Furthermore, this Analyst will need to have a strong understanding of controls and understand which are critical, to ensure the right controls are mapped correctly within the risk assessment.
Lastly, this organization is looking for someone who is a go-getter, can hit the ground running, and has a passion for GRC!
Below are further responsibilities listed out.
* Partner with security experts and stakeholders across the bank in executing exception risk assessments
* Develop and execute a robust monitoring program for security exceptions
* Engage and hold cybersecurity process owners accountable for monitoring their processes
* Partner with Lines of Defense (e.g., 1st, 2nd, 3rd) to provide input/review of frameworks, policies and standards
* Develop self-audit programs and test key security processes to validate they are meeting the requirements
* Assess new, or changes to existing, exception processes, and follow change management process to make improvements to the GRC tools
* Maintain the day-to-day administration of the security GRC tool(s)
* Establish and maintain relationships with key business partners across the organization
* Serve as a liaison in the internal and external audits, provide supporting evidence and assess any identified issues and remediation action plans
Required Skills & Experience
- 4+ years of Risk Management/IT Auditing/Compliance experience specifically supporting policy exception management and cybersecurity risk assessments
- Must have experience testing controls as this role will focus heavily on supporting Cybersecurity controls
- Must have experience supporting exception management such as being able to file simple directions
- Experience with regulatory compliance (SOX, HIPAA, GLBA, PCI, etc.)
- Must be able to conduct risk assessments and have a strong understanding of frameworks such as NIST, ISO, FFIEC, etc.
- Strong Excel skills for data analysis, functions, reporting, and organization (SQL or Power Query is a plus)
- Must have strong technical writing skills to create supporting documentation, track and organize materials properly
Nice to Have Skills & Experience
- Ability to run SQL queries
- 2-4 years of Big 4 experience
- Previous experience working in the financial services industry
- Certified Project Management Professional (PMP)
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.