IT GRC Analyst

2-4 Years

Save

Early Applicant

Job Description

Responsibilities

Develop, implement, and maintain information security policies, standards, and procedures
Ensure policies are aligned with industry best practices and regulatory requirements.
Monitor compliance with security policies and report on the effectiveness of security controls.
Conduct risk assessments to identify and evaluate security risks
Develop risk mitigation strategies and track the implementation of risk management plans
Ensure compliance with applicable laws, regulations, and industry standards (e.g., PBI, NIST, PCI-DSS, ISO 27001)
Assess and monitor the IT security and compliance posture of third-party vendors.
Develop and deliver information security training and awareness programs.
Develop and maintain security metrics and dashboards.
Provide regular reports to senior management on the status of information security and compliance programs.
Collaborate with IT, legal, compliance, and other departments to ensure coordinated and effective security practices.

Requirements

Bachelor's degree in computer science, Information Technology, or a related field.
2+ years of experience in information security, risk management, and compliance roles.
Proven experience in developing and implementing security policies and procedures.
Experience with security frameworks and standards (e.g., ISO 27001, NIST, PCI-DSS) is preferable
Professional certifications such as CompTIA Security+, CEH, CISSP, or equivalent is preferable