Security Analyst (GRC Analyst) - SECAN24-14469

Job Description

Job Description

Job Title : Security Analyst - Governance, Risk, and Compliance (GRC) Analyst

Job Family : Security Management

Job Variance : Advanced

Location : Boca Raton, FL, 33434

Duration : 12 months

Job Summary :

The Security Analyst - GRC will be responsible for the management, assessment, and mitigation of risks within the organization's information assurance and cybersecurity program.

This role will lead the IT security risk and audit program , ensuring compliance with standards and frameworks such as NIST, ISO, PCI, and ISACA .

The successful candidate will be responsible for performing information systems and business process risk assessments , identifying control weaknesses, and implementing mitigation strategies.

Key Responsibilities :

• Conduct PCI, SOC2, ISO, and cybersecurity control reviews to ensure compliance with security policies.
• Plan and assess IT security controls effectiveness , and manage remediation efforts for identified gaps.
• Develop and maintain the IT security risk and compliance matrix , performing management reporting on IT systems controls and business process risks.
• Maintain the Third Party Risk Management Program (TPRM) and analyze SOC-2 and other relevant reporting, mapping to key IT security controls such as NIST, PCI, and COBIT .
• Manage the IT security vulnerabilities management program in alignment with PCI and NIST standards.
• Identify and assess the value, sensitivity, and criticality of operations and assets that may be impacted by threats.
• Estimate potential losses from threats to critical assets and operations and suggest cost-effective mitigation actions .
• Track and verify remediation of audit findings and ensure compliance with audit standards such as ISACA .
• Document results, develop a plan of action, and create milestones to mitigate identified risks.
• Produce formal audit reports based on ISACA Audit Standards and promote compliance with PCI DSS and IT best practices.

Skills & Requirements :

• 7-10 years of IT audit experience (CISA certification preferred).
• 3+ years of experience in the IT risk management lifecycle.
• 3+ years of hands-on technical experience (e.g., developer, system administrator).
• Experience working with the NIST 800-30 Risk Assessment Standard .
• Extensive experience evaluating and designing IT General Controls .
• Advanced skills in business process mapping, documentation, and policy and procedure development.
• Knowledge of current cybersecurity threats and solid understanding of PCI DSS standards .

Education & Certifications :

• Bachelor's degree in Computer Science, Information Systems, Business Administration , or a related field (or equivalent work experience).
• Preferred certifications : CISA and CISSP .
16 days ago