Sr. Security Analyst (GRC)

Job Description

Job Description

Job Summary

The Sr. Security Analyst plays a critical role at Elevate. This role will provide an expert level of consultation to the organization in the area of technology regulatory compliance, managing other control frameworks and legislation such as Sarbanes Oxley, GLBA, SOC, and NIST.

This role will interpret changes to regulatory / framework requirements as well as internal changes and identify impacts to systems, projects and the overall Elevate business.

This role will also be called upon to assist in the general leadership of IT Governance, Risk, and Compliance within the organization, including risk assessments, security impact assessment and control assessment.

Essential Functions

• Acts as a leader and consultant in the execution and planning of assessment, audits, and exams.
• Have a strong understanding of IT Risk Management and operating within an IT GRC function. This role may be required to manage IT risk management, including risk analysis, remediation design, reporting, and identifying and implementing compensating controls.
• Maintains a strong knowledge in the areas relevant to regulatory or framework requirements, standards, and their relationship to applicable systems.
• Consults on the development or modification of software, networks, hardware, and operations to maintain continual regulatory or framework compliance.
• Evaluate and ensure the proper level of documentation for policies, procedures, standards, and operational tracking throughout the organization to meet regulatory or framework requirements.
• Recommend, plan, and sometimes act as project sponsor to achieve and maintain compliance to relevant security frameworks and standards.
• Perform the corporate Quarterly Access Reviews using an IAM Tool.
• Recommend and evaluate systems enhancements and solutions.
• Act as a security and risk advocate within the organization, providing expert security advice where needed.

Education and Experience

• Five years of progressive experience in Information Technology, specializing in Governance, Risk, and Compliance (GRC), with a demonstrated track record of leading and executing IT compliance, risk management, and audit initiatives.
• Two years of experience facilitating SOC assessments, Sarbanes-Oxley, GLBA audits, or similar audit engagements ensuring stringent compliance and operational excellence.
• Accomplished in IT risk management, with three years of experience in identifying, assessing, and mitigating risks through comprehensive lifecycle management, evaluations, and strategic consulting.
• Skilled in control monitoring and reporting over three years. With a strong preference on automating validation processes to enhance efficiency and accuracy in compliance operations.
• Proficient in managing and evidencing controls within hybrid cloud environments, including SaaS, PaaS, IaaS, and traditional data centers, ensuring robust security and compliance across diverse platforms.
• Solid understanding of how key risk and control frameworks, including NIST, RMF, COBIT, and ISO, are applied in the development and implementation of comprehensive GRC strategies.
• Extensive knowledge and application of IT governance, risk, and compliance principles, leveraging the latest technologies and practices to drive organizational success.
• Experienced in executing access validation processes, contributing to the integrity and security of information systems.
• Hold appropriate industry recognized certifications; preference for CISM or CISA. (Consideration will be given to other certifications)
• Working experience with ServiceNow GRC Module and RSA's Identity Governance & Lifecycle (IG&L) is a plus
• Bachelor’s Degree in Information Technology, Information Assurance, Business Administration, Accounting, or a related field, underpinned by practical experience in the GRC domain. (Optional)

California Employee Privacy Policy Family & Medical Leave Act Employee Polygraph Protection Act E-Verify

LI-BJ1