Information Security Governance, Risk and Compliance Analyst

Job Description

Key Responsibilities

• Own the relationship working with IT and business stakeholders to perform ongoing internal and vendor risk assessments
• Update and track KPIs from the Information Security risk register and work with stakeholders on developing Corrective Action Plans to address risks
• Provide guidance to newer staff working with internal IT stakeholders for vulnerability management
• Own the process for working with IT and business stakeholders to perform ongoing compliance reviews in line with security policies, information security regulations, and security frameworks
• Assist with ongoing internal operations and tasks, including ITGC security reviews
• Spearhead the ongoing internal and external SOX and HIPAA audits and other security audits that are relevant to GTI’s business
• Provide updates and insight during the development and maintenance of Information Security policies, standards, and procedures, aligning with NIST
• Lead the identification of security training and awareness initiatives for the organization
• Participate in incident response tabletops, business continuity tests, and other compliance activities and exercises
• Maintain KPIs and KRIs for Information Security risk & compliance activities
• Execute tasks as a member of the Information Security team as assigned by management
• Provide mentorship and guidance to Associate Information Security GRC Analysts
• Stay up to date on relevant laws and regulations to ensure continuous compliance and audit readiness
• Collaborate with the IT and security teams in response to security incidents, ensuring proper documentation and reporting

Requirements

• 3+ years of experience with responsibilities relating to security and compliance
• Bachelor’s degree or higher in Information Security or Information Technology (not required but may be beneficial)
• Strong written and oral communication skills
• Strong conceptual understanding of Information Security theories
• Knowledge of network, application, and cloud security controls
• Knowledge of regulatory frameworks and compliance standards such as NIST, MITRE, OWASP, HIPAA, PCI-DSS, and SOX
• Strong analytical and problem-solving skills with well-organized and structured work habits, and the ability to identify and mitigate risks
• Security certifications, such as CRISC, CISA (preferred but not required)
• Must pass any and all required background checks
• Must be and remain compliant with all legal or company regulations for working in the industry
• Must be a minimum of 21 years of age

Benefits & Perks

• Competitive pay range based on experience, qualifications, and/or location of the role
• Discretionary annual incentive program driven by organization and individual performance

Job Details