What are the responsibilities and job description for the Sr. GRC Analyst position at Optomi?
Optomi, in partnership with a leading provider in the Manufacturing industry, is seeking a Sr. GRC Analyst to join their team! This position will be responsible for driving the execution of the GRC strategy by managing adherence to security and compliance framework controls, supporting regulatory compliance requirements, leading and tracking security awareness initiatives, and tracking key security metrics and KPIs. This role requires a balanced understanding of cybersecurity, privacy, compliance, and information security industry frameworks.
RESPONSIBILITIES:
- Assess and validate the assurance of the organization's Information Security Program through audits, assessments, and continuous monitoring of the security control framework.
- Conduct enterprise-wide, ongoing risk analysis in tandem with Security, Internal Audit, and Compliance Teams.
- Document and maintain appropriate security control mappings to relevant regulatory compliance and applicable industry frameworks and standards.
- Identify and report on information security control deficiencies and work with internal/external stakeholders to prioritize and remediate findings.
- Manage and mature the organization's third-party risk management program to effectively manage organizational risk presented through key relationships with vendors, suppliers, and customers.
- Monitor current and proposed changes affecting regulatory, privacy, and security industry best practices and escalate concerns where applicable.
- Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
- Attend and fully engage in change and project management meetings.
QUALIFICATIONS/EDUCATION/WORK EXPERIENCE:
- 5+ years of related GRC/information security experience required
- Prior experience supporting GRC platforms from vendors such as AuditBoard, LogicGate, Archer, MetricStream etc.
- Demonstrated ability to manage complex GRC security initiatives with a global scope and international requirements
- Deep knowledge of frameworks such as ISO/IEC 27001/27002, NIST SP 800-171, NIST SP 800-53, etc.
- Bachelor’s degree in computer science, information assurance, MIS or related field, or equivalent industry experience
- Possess industry certifications (CISSP, CRISC, CGEIT, IAPP, CISA, GRCP)
- Preferred: experience with cloud environments such as Amazon Web Services (AWS) and Microsoft Azure
- Familiarity with state, federal and international privacy laws
- Experience supporting industry and regulatory compliance frameworks such as PCI DSS, ISO, DFARS, ITAR, NIST, and Sarbanes-Oxley