Job Description:
We are seeking a highly skilled and experienced Senior Governance Risk and Compliance (GRC) Analyst to assist customers in meeting their cybersecurity regulatory and legal requirements. This role will focus on Policy Development, Risk Assessment and Risk Management, Gap Analysis and Due Diligence.
Analysts will work with customers to develop formalized information security policies, analyze the efficacy of current policies and procedures, and evaluate the risks posed by third-party providers.
The ideal candidate will have a solid understanding of information security strategies suitable for small and mid-size businesses within the financial services sector coupled with a solid grasp.
Responsibilities (including but not limited to):
- Coordinating and working with clients to develop formalized Written Information Security Programs (WISPs)
- Performing cybersecurity due diligence assessments on client vendors
- Engaging with the cybersecurity engineering team to assist with client risk management and technical gaps with regulatory requirements.
- Assist with providing strategic guidance and oversight on regulatory and risk management procedures for multiple clients’ cybersecurity programs.
- Assisting clients in meeting regulatory requirements via policy review and testing (e.g., Incident Response tabletop exercises)
- Assisting clients with their own due diligence questionnaire and fielding cybersecurity and compliance questions
- Providing customized end-user security awareness training via presentations and simulated phishing campaigns
- Researching and keeping up to date with industry compliance regulations, most specifically within the investment and financial services space including FCA, SEC, and DORA.
- Build and maintain strong relationships with clients, understanding their unique compliance challenges and providing tailored solutions.
- Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security policies and documentation.
- Serving as a lead resource for compliance-based information security gap assessments for various regulations and frameworks. (NIST CSF, CIS CSC v8, ISO27001, DORA, etc.)
Skills:
- Basic operational capabilities for the Office 365 stack (Microsoft Word, Excel, Outlook)
- Strong ability to direct self-work with excellent organizational and time management skills.
- Excellent verbal and written communication skills, especially when communicating technical concepts to non-technical audiences.
- Critical and creative thinking to strategize how to add value to customer engagements and improve processes
- Exceptional spelling and grammar skills for writing and proofreading documents.
- Ability to remain flexible as processes continuously improve.
- Proficiency in regulatory and security framework gap assessments.
- Proven expertise in the realm of identity and access management (IAM) leveraging solutions such as Privileged Identity Management (PIM) and conditional access policies.
- Experience working with cloud automation to include infrastructure as code and compliance as code.
- Experience configuring and supporting endpoint security tools (EDR, Encryption, Behavior Analysis)
- Strong attention to detail and well organized.
- Highly motivated to continuously learn, grow and innovate.
Qualifications:
Education:
- Bachelors’ Degree (Masters’ Preferred) in one of the following areas of concentration: Computer Science, Software Development, Information Technology, Cybersecurity.
Experience:
- 3+ years GRC experience including information security policy development and certification/regulatory gap analysis (such as ISO 27001, CIS CSC v8, etc.)
- Experience within the investment and financial services state preferred.
- ISACA CRISC, ISC2 CGRC, or CompTIA CySA+ preferred.
- Knowledge of Secure Software Development Life Cycle (SSDLC) practices is a plus.
- Automation and problem-solving skills a plus.
- Must be available to work 8am-5pm GMT Monday-Friday
Certifications:
- Relevant certifications such as CISM, CRISC, CGRC, CySA+, or Security+.