Full-time
IT Governance, Risk Management and Compliance (GRC) Analyst - YurTech - Hampton, VA

The GRC Analyst is a technical and analytical position within our client's IT Security Team focused primarily on issues in Governance, Risk & Compliance (GRC), which include risk management, vendor management, compliance management, vulnerability management, risk assessments, and security awareness. A successful applicant will be technical in nature with a high aptitude for both written and verbal communication.

Key Responsibilities:

- Assist, participate in, or lead formal risk assessment processes for all departmental and enterprise systems, and work closely with system owners to align identified risks with established risk tolerances.
- Provide governance for the identification, audit, validation and remediation of information technology controls required for SOX, PCI DSS, PII, HIPAA and any other applicable regulatory compliance frameworks.
- Conduct and track information security assessments of third-party vendors to determine their ability to protect data.
- Participate in projects and assessments to establish risk determination and remediation.
- Using industry best practices, be able to use technology-based tools to validate that controls are in place as established.
- Lead the development, update and compliance of corporate information security policies, guidelines and standards.
- Work with technical teams to ensure baseline configurations are kept current and configurations for new technologies are designed and built prior to integration into the company environment.
- Develop the comprehensive information security awareness program and run year-round campaigns. Create communications on behalf of IT Security for awareness activities, initiatives or other required security announcements.
- Maintain security and compliance metrics that are meaningful and actionable for Sr. Management. Metrics should establish baselines, highlight progress and drive behaviors.
- Coordinate with internal and external audit and compliance groups on improvement of information technology controls.

Required Skills:

- 3-5 years' experience in information technology, preferably in information security compliance/audit/control or related experience.
- Experience with analyzing, evaluating, prioritizing and processing results from security penetration tests or assessments.
- Demonstrated experience with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Controls and NIST frameworks.

Job Type: Full-time

Pay: $100,000.00 per year

Experience:

- Workday: 1 year (Preferred)
- PeopleSoft: 1 year (Preferred)

Schedule:

- Monday to Friday

Work Remotely:

- No
