Specialist

Job Title : GRC Specialist

Primary Location : Chicago, IL (3 days on-site)

Position Type : Direct Hire

Overview

TalentFish is casting a line for a GRC Specialist. This is a Direct Hire role in Chicago, IL (on-site 3 days).

What You Bring to the Role.

• Bachelor's degree or five (5) years of work experience in IT Security is required.
• Four (4) years of Information Security experience required. Those containing hands on technical experience are preferred.
• Strong knowledge on Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required.
• Technical writing experience is required. Experience with instructional content educational writing strongly preferred.
• Three or more years of experience managing timelines and being self-directed preferred.
• Governance, Risk, and Compliance (GRC) tool management (Administrative and / or Engineering) is preferred.
• Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
• Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls.
• Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
• Broad experience and exposure to cloud hosted services, applications, infrastructure, including architecture, log management, monitoring, and security configuration requirements.
• SharePoint administration is preferred for team intranet site management.
• Provide back-end support, report creation, application updates for GRC platforms.
• Strong PC skills with Microsoft (i.e. Word, Excel, PowerPoint) required. Ability to perform data analytics, generate succinct reporting.
• Knowledge of host and network-based anti-malware technologies.
• Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
• Knowledge of client and server firewalling technologies and capabilities.
• Knowledge of security event management (SIEM), event correlation and analysis technologies.
• Knowledge of data encryption technologies.
• Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
• Knowledge of web filtering and email SPAM prevention techniques.
• Knowledge of vulnerability assessment and forensic investigations tools.
• Knowledge of mobile device security and Mobile Device Management solutions.
• Knowledge of Privileged Access Management technologies.

What You'll Do.

Third-party vendor management : Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner.

Document and perform assessments as needed. This service also provides contract review for security requirements.

• Policy management : Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes guidelines and support documentation.
• Compliance management : Lead, evaluate, and supports the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements.

Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management, processing and tracking requests for exception to security controls.

• Assessment management : Ensures appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
• Advisory services : Serve as a subject matter expert for Information Security consulting to technical / non-technical management and staff.
• Security awareness management : Ensures security awareness training is aligned, defined, and executed. Evaluation of cyber training / education courses and methods based on instructional needs.
• Administration of the GRC technology platforms

TalentFish focuses on providing the best employee, consultant, and client experience possible. At TalentFish we are an Equal Opportunity Employer;

we embrace and encourage diversity!

Last updated : 2024-05-19