Job Description
An employer is seeking a GRC Analyst for a large automotive client. The position is fully remote. This person will gather information, identify areas for further work, perform risk assessments and audit reviews, write findings, make appropriate recommendations for improvement, and track outcomes from those activities. This position will also review security technologies, collaborate with partners/vendors, and evaluate business processes from a security perspective to enhance the organization's security posture. Our ideal candidate will understand regulatory security guidance emphasizing NIST controls.
Responsibilities
* Perform risk assessments, audit reviews, and make appropriate recommendations for improvement.
* Develop and formulate comprehensive reports detailing the findings, areas of non-compliance, required POA&Ms (Plan of Action and Milestones), environmental observations, and incident reports.
* Review, update, and manage security-related audit plans, security plans, and risk plan documentation for accuracy and consistency, proactively solving problems.
* Prepare audit documentation that supports audit results, drafting and editing audit findings to adhere to the standards and the agency's writing style.
* Collect and review evidence to ensure we can attest security controls are operating effectively.
* Develop, review, and manage IT Policies, Procedures, Standards, and Guidelines.
* Research agency and industry IT security best practices, standards, laws, regulations, and other applicable resources to ensure security and privacy framework compliance.
* Direct third-party security risk assessments and research and recommend remediation plans and strategies.
* Create reports, summaries, presentations, and process documents to display results.
* Influence and negotiate appropriate actions to mitigate or prevent failures related to identified risks.
* Collaborate with other team members and external and internal auditors to analyze and present data effectively.
* As needed, assist with security project implementations related to risk management or internal team needs.
* Keep informed of current risks, security issues, threats, protection strategies, or legal and regulatory developments.
* Serve as a mentor to less experienced staff.
Required Skills & Experience
* Bachelor's Degree or security/compliance certifications.
* 2+ years of direct experience as a security analyst.
* Familiarity with security control frameworks such as NIST, ISO 27001, etc.
* Familiarity with privacy regulations such as CCPA, GDPR, etc.
* Ability to communicate effectively on complex issues.
* Must be a self-starter with the ability to manage multiple work assignments and priorities with urgent deadlines, maintaining excellent customer service skills, while working in a fast-paced team environment.
* Strong analytical, technical and communication (verbal and written) skills are required.
* Knowledge of IT Security concepts and controls.
* Candidate will also have experience with regulatory compliance from an Information Security perspective, broad knowledge across all information security domains, information security control testing experience, risk/compliance assessment experience, and technical writing skills.
Benefit packages for this role will start on the 31st day of employment and include medical, dental, and vision insurance, as well as HSA, FSA, and DCFSA account options, and 401k retirement account access with employer matching. Employees in this role are also entitled to paid sick leave and/or other paid time off as provided by applicable law.