Sr. GRC Analyst

Gravity IT Resources


Job Title: Sr. GRC Analyst

Location: Deerfield Beach, FL – 1 day onsite

Job-Type: Contract


Our client is a $17B, Fortune 200 company in the automotive retailing, distribution and services industry. They are currently ranked in the Top 20 companies to work for in the US by Fortune Magazine, Top 20 best companies for diversity and have an amazing work culture and impressive long-term growth prospects.


Job Description

The Governance and Compliance Sr. Analyst will report to the Governance and Compliance Manager and support the Information Security department in providing the highest quality assurance program to our customers. The Governance and Compliance Sr. Analyst will perform a critical role in providing IT governance and compliance as a service, including assessments and compliance program management and assurance. The Governance and Compliance Sr. Analyst will manage, measure, operationalize and communicate a myriad of compliance initiatives across the enterprise, including but not limited to SOC 1 Type 2, MAR, NY DFS 500, CCPA and HIPAA. Collaboration with business areas within JM Family will be a key success criterion for this individual.

Responsibilities:

  • Ensure compliance with regulatory requirements (e.g., SOC 1 Type 2, MAR, NY DFS 500, CCPA) and internal controls through proactive validation of controls
  • Review regulatory and compliance matters related to information technology, as the shared-service provider for all business units and perform necessary gap analysis
  • Implement and maintain an information technology controls framework, including security and privacy controls
  • Develop and maintain IT policies, standards and procedures
  • Act as an advocate for information security practices
  • Engage control owners (of varying information security acumen and expertise) and key stakeholders across the enterprise to collect and test evidence and assess compliance to various requirements (external regulatory and contractual, as well as internal controls)
  • Maintain and foster relationships and trust with key partners throughout the company
  • Maintain compliance and risk management initiatives in a GRC platform
  • Facilitate IT audits and assessments, including remediation of any findings noted
  • Understand contractual elements with third parties and intelligently speak on the security requirements of a contract from an information security point of view
  • Maintain reliable, up-to-date, information from the government and across the industry regarding identification of new security standards and governance
  • Establish governance around disaster recovery function and collaborate with key business and IT leaders to develop security and disaster recovery standards and action plans
  • As directed, conduct periodic internal assessments for security risk and compliance
  • Perform other essential duties as assigned


Desired Skills

  • Project management skills for managing multiple complex activities
  • Knowledge of controls frameworks and applicable regulatory compliance mandates (e.g., NIST, CIS CSC, COBIT, CCPA, HIPAA, GLBA, SOC 1 Type 2, MAR)
  • Ability to conduct research to keep abreast of the latest security issues, third-party vendors, and applications as needed

Job Requirements

  • Working knowledge of governance and compliance, including policy, process, governance, controls frameworks, and regulatory environments
  • Knowledge to evaluate, build and optimize security program elements as assigned (e.g., logical access control, application security, vendor risk management, network security, privacy)
  • Experience in working with auditors
  • Strong organizational skills with ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team-player with a can-do attitude
  • Strong written and verbal communication skills and ability to interface with all levels of business and executive leadership
  • Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude
  • Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism


License / Certificate (any of the following a plus):

CISSP, CISA, CISM, CIPP, GIAC
