Security Analyst (GRC Analyst) - SECAN24-14469

NavitsPartners
Miami, FL, US
Full-time

Job Description

Job Title: Security Analyst - Governance, Risk, and Compliance (GRC) Analyst

Job Family: Security Management

Job Variance: Advanced

Location: Boca Raton, FL, 33434

Duration: 12 months

Job Summary:

The Security Analyst - GRC will be responsible for the management, assessment, and mitigation of risks within the organization's information assurance and cybersecurity program.

This role will lead the IT security risk and audit program, ensuring compliance with standards and frameworks such as NIST, ISO, PCI, and ISACA.

The successful candidate will be responsible for performing information systems and business process risk assessments, identifying control weaknesses, and implementing mitigation strategies.

Key Responsibilities:

  • Conduct PCI, SOC2, ISO, and cybersecurity control reviews to ensure compliance with security policies.
  • Plan and assess IT security controls effectiveness, and manage remediation efforts for identified gaps.
  • Develop and maintain the IT security risk and compliance matrix, performing management reporting on IT systems controls and business process risks.
  • Maintain the Third Party Risk Management Program (TPRM) and analyze SOC-2 and other relevant reporting, mapping to key IT security controls such as NIST, PCI, and COBIT.
  • Manage the IT security vulnerabilities management program in alignment with PCI and NIST standards.
  • Identify and assess the value, sensitivity, and criticality of operations and assets that may be impacted by threats.
  • Estimate potential losses from threats to critical assets and operations and suggest cost-effective mitigation actions.
  • Track and verify remediation of audit findings and ensure compliance with audit standards such as ISACA.
  • Document results, develop a plan of action, and create milestones to mitigate identified risks.
  • Produce formal audit reports based on ISACA Audit Standards and promote compliance with PCI DSS and IT best practices.

Skills & Requirements:

  • 7-10 years of IT audit experience (CISA certification preferred).
  • 3+ years of experience in the IT risk management lifecycle.
  • 3+ years of hands-on technical experience (e.g., developer, system administrator).
  • Experience working with the NIST 800-30 Risk Assessment Standard.
  • Extensive experience evaluating and designing IT General Controls.
  • Advanced skills in business process mapping, documentation, and policy and procedure development.
  • Knowledge of current cybersecurity threats and solid understanding of PCI DSS standards.

Education & Certifications:

  • Bachelor's degree in Computer Science, Information Systems, Business Administration, or a related field (or equivalent work experience).
  • Preferred certifications: CISA and CISSP.