GRC Security Analyst

GRC Security Analyst

D&H Distributing is looking to hire a GRC Security Analyst to assist with managing the Governance, Risk, and Compliance (GRC) program. You will be responsible for developing and ensuring compliance with security policy, carrying out security assessments, and assisting with the development and management of a cybersecurity risk management program. Your experience should include exposure to common cybersecurity frameworks including NIST and ISO 27001. Auditing experience is preferred.

ESSENTIAL DUTIES AND RESPONSIBILITIES

• Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our GRC processes
• Assist with all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS)
• Evaluate the effectiveness of information security controls and performance by developing, monitoring, gathering, and analyzing information security and compliance metrics for management
• Perform third party risk assessments to maintain oversight of third party vendors
• Manage and coordinate client assurance questionnaires, audits and assessments, and calls
• Help support various parts of the company to adopt/maintain a common risk and control framework
• Develop, enhance, operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations
• Perform activities to monitor and assess the security, risk and privacy controls on an ongoing basis. Work closely with the operational departments (Legal, Engineering, Sales, Support, Operations, …) to develop and monitor policies and standards in compliance with applicable privacy policy & regulations
• Stay up to date on the latest security and industry trends including their compliance requirements
• Maintain familiarity with cybersecurity frameworks such as NIST, CIS, and other security technology by attending workshops and reviewing publications
• Monitor environment for malicious behavior utilizing a variety of security tools and take appropriate remediation
• Coordinate across organization to ensure mutual success in protecting D&H
• Monitor changes to the environment to identify if those changes compromise security
• Investigate security breaches and other cybersecurity incidents with minimal assistance
• Work with the business units to remediate identified issues with minimal assistance
• Use the SIEM and analytics tools to monitor logs and understand baseline traffic of the organization
• Build rules within the SIEM to monitor for new or changed security threats
• Monitor network traffic for suspicious behavior and, with minimal guidance, determine if traffic is legitimate
• With minimal assistance, run vulnerability scans across the organization
• Assist in process improvements to enhance the efficiency of current operational procedures
• Participate in access control and governance including provisioning/deprovisioning and recertification of accounts
• Effectively deal with rapid change in a positive manner
• Participate in all company/location driven communication efforts, including huddles, department meetings, and other related efforts
• Maintain a positive and professional working relationship with peers, management, support resources, and the community with a constant commitment to teamwork and exemplary customer service to present a professional image of D&H Distributing
• Perform all other duties as assigned by management in a professional and efficient manner

KNOWLEDGE, SKILLS, and/or ABILITIES

• Focused on success of the team/organization
• Exceptional verbal and written communications skills
• Demonstrated personal management skills
• Effectively communicate complex technological issues in business terms at any level within the organization
• Respond to customer inquiries, effectively communicate critical problems, and discuss resolutions with management
• Highly self-motivated
• Ability to prioritize and execute tasks in a high-pressure environment and make sound decisions in emergency situations with guidance and supervision
• Handle information and incidents with appropriate confidentiality and discretion

EDUCATION and/or EXPERIENCE

Education

• Bachelor’s degree in Cybersecurity or similar area of study required or equivalent years of related work experience
• 3 - 5 years of experience in cybersecurity
• Industry certifications (CEH, Security , SANS, CISSP, OSCP, CCNA Security or similar) preferred

Experience

• Experience with system maintenance, monitoring, and alert resolution preferred
• Scripting experience in PowerShell, Python or Perl preferred
• NIST Standards, ISO 27001, and/or PCI DSS
• Security Policy Development
• User Access Reviews (UARs)
• Security and Privacy Impact Assessments (PIAs)
• Exposure to SOC2/SOX/etc.
• Auditing experience (preferred)
• ServiceNow (a plus)
• Certified Information Systems Auditor
• Security , CEH, and/or other relevant security certifications
• CISSP (preferred)

Job Type: Full-time

Benefits:

• 401(k)
• 401(k) matching
• Dental insurance
• Employee assistance program
• Employee discount
• Flexible schedule
• Flexible spending account
• Health insurance
• Health savings account
• Life insurance
• Paid time off
• Professional development assistance
• Referral program
• Retirement plan
• Tuition reimbursement
• Vision insurance

Schedule:

• 8 hour shift

Application Question(s):

• Are you legally authorized to work in the United States without sponsorship?
• What salary range are you seeking?
• Do you have GRC experience?
• List all certifications you hold:

Work Location: Hybrid remote in Clearwater, FL 33760