What are the responsibilities and job description for the GRC Analyst position at Bose Corporation, U.S.A?
Job Description

Position Summary

The Cyber GRC Analyst will report to the Risk Manager and will support the execution of the Cyber Risk and Compliance Management program across the organization. This individual will contribute to the execution of cyber risk assessments and Third-Party Risk Assessments, and will support compliance and security awareness activities as needed. This individual will be required to obtain an understanding of the people, process and technology ecosystem, including the cybersecurity domains and their inter-relations across that ecosystem. The role will involve regular interaction with IT and engineering teams outside of Governance & Risk, collaborating with Enterprise Security, Engineering teams, Technology Services, and Application Security teams, to name a few.

Primary Responsibilities:
- Contribute to the cyber security risk assessment of products and technology solutions based on the Risk Management Framework.
- Contribute to the execution of the Third-Party Risk Management program.
- Conduct Third-Party risk assessments based on compliance reports, external risk ratings, security questionnaires, and supporting evidence.
- Coordinate and track information technology and security related audits, including scope of audits, units involved, timelines, auditing agencies and outcomes.
- Work with auditors as appropriate to keep audit focus in scope.
- Provide guidance, evaluation and advocacy on audit responses.
- Coordinate and conduct internal compliance assessments based on the organization's control framework.
- Assess, evaluate, and make recommendations to management regarding the adequacy of the security controls in products, processes, and technology solutions.
- Contribute to building and executing the Security Awareness program.
- Contribute to the development, building, and reporting of key performance and risk indicators.

Qualifications:

Educational Requirements:
- A Bachelor's Degree in Computer Science, Information Technology/Management, or a related field is highly desired but not required.

Knowledge of security frameworks:
- NIST Cybersecurity Framework
- ISO 27001 Standard
- PCI-DSS

Experience with risk assessment methodologies:
- Asset based risk assessments
- Process based risk assessments
- Threat based risk assessments
- Controls assessments

Other requirements:
- 2 years of industry experience
- Strong organizational skills to juggle multiple tasks within the constraints of timelines
- Ability to work and thrive in a fast-paced environment, learn rapidly and master diverse technologies and techniques
- Strong written and oral communication skills

Other Preferred Qualifications:
- CompTIA Security

Location: Boston, MA or surrounding area. Options for remote delivery available.

Bose is an equal opportunity employer that is committed to inclusion and diversity. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, age, disability, veteran status, or any other legally protected characteristics. For additional information, please review: (1) the EEO is the Law Poster (http://www.dol.gov/ofccp/regs/compliance/posters/pdf/OFCCP_EEO_Supplement_Final_JRF_QA_508c.pdf); and (2) its Supplements (http://www.dol.gov/ofccp/regs/compliance/posters/ofccpost.htm). Please note, the company's pay transparency policy is available at http://www.dol.gov/ofccp/pdf/EO13665_PrescribedNondiscriminationPostingLanguage_JRFQA508c.pdf. Bose is committed to working with and providing reasonable accommodations to individuals with disabilities. If you need a reasonable accommodation because of a disability for any part of the application or employment process, please send an e-mail to Wellbeing@bose.com and let us know the nature of your request and your contact information.