The InfoSec GRC Analyst will be a member of a 4-person team, reporting to the GRC Lead, and will work closely with the Chief Information Security Officer (CISO) and InfoSec Lead.
The ideal candidate is a self-starter with a passion for building relationships and collaboration. The candidate should have strong written and verbal communication skills.
Sample Duties and Responsibilities:
- Ability to read, comprehend, and analyze published:
  - laws and regulations, security policies and standards, and information sharing agreements.
  - leading security frameworks such as the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
  - security requirements of the Payment Card Industry Data Security Standard and the maintenance of effective controls in our retail networks.
- Actively participate in risk assessments with the team and facilitate the implementation of security safeguards across IT.
- Develop tracking for ongoing risk mitigation work and the maintenance of security safeguards.
- Track security safeguards for several compliance programs including Payment Card Industry Data Security Standard (PCI-DSS), Social Security Administration (SSA), Federal Motor Carrier Safety Administration (FMCSA), Criminal Justice Information Services (CJIS), and agency requirements for issuance of Real ID in Massachusetts.
About You
Required:
- Two plus (2+) years of training or practical experience in IT Operations
- Two plus (2+) years of training or practical experience in Information Security Risk Management
- Strong work ethic, great time management, and highly inclusive team player
- Effective verbal and written communicator, with excellent writing skills
- Authorization to work indefinitely in the U.S.
Preferred:
- Bachelor's degree or equivalent in Cyber/Information Security
- Industry certifications such as CISSP
- Previous experience on a GRC team in a large organization