GRC Risk Management Specialist - Stride, Inc.
Richmond, VA
About the Job
Job Description
SUMMARY: The GRC Risk Management Specialist will work closely with the Information Security team, business units, and partner organizations to conduct risk assessments, compliance checks, and control gap analyses in alignment with information security policies and risk management standards. This role involves creating, organizing, and clearly articulating summarized risk findings that are actionable for business stakeholders. The Specialist will help prioritize and drive remediation efforts across the organization to mitigate risks and will contribute to the risk management, treatment, and reporting processes to safeguard data assets. Additionally, the Specialist will assist in preparing for and facilitating assessments and examinations conducted by qualified security assessors.
Essential Functions : Reasonable accommodations may be made to enable individuals with disabilities to perform essential duties.
Supervisory Responsibilities: This position has no formal supervisory responsibilities.
Minimum Required Qualifications :
Certificates and Licenses: None required.
OTHER REQUIRED QUALIFICATIONS:
Desired Qualifications :
SUMMARY: The GRC Risk Management Specialist will work closely with the Information Security team, business units, and partner organizations to conduct risk assessments, compliance checks, and control gap analyses in alignment with information security policies and risk management standards. This role involves creating, organizing, and clearly articulating summarized risk findings that are actionable for business stakeholders. The Specialist will help prioritize and drive remediation efforts across the organization to mitigate risks and will contribute to the risk management, treatment, and reporting processes to safeguard data assets. Additionally, the Specialist will assist in preparing for and facilitating assessments and examinations conducted by qualified security assessors.
Essential Functions : Reasonable accommodations may be made to enable individuals with disabilities to perform essential duties.
- Conduct risk assessments and ensure compliance with major regulatory initiatives.
- Implement and manage cybersecurity and information security programs based on industry-standard frameworks like NIST CSF and ISO/IEC 27000.
- Maintain comprehensive knowledge and understanding of information security risk management and IT controls frameworks and methodologies such as ISO/IEC 27005, COBIT, and OCTAVE.
- Provide subject matter expertise in Risk Management Principles (risk avoidance, transfer, mitigation, acceptance) and risk assessment process.
- Provide support for security governance activities, including managing communication about security policies, standards, and control frameworks.
- Identify, assess, track, and report on security risks across the enterprise. Track risk decisions and remediation plans and communicate risks to both technical and non-technical audiences.
- Develop reporting for management by analyzing IT security controls and risk exposure.
- Identify IT security risks to the business, work with the security team on client security reviews, and drive the development of remediation plans for both when appropriate.
- Facilitate internal and third-party information security risk assessments and work closely with functional groups or departments to prioritize and remediate findings.
- Drive effective collaboration across all lines of business and provide relevant awareness training to control owners.
- Drive continuous quality improvement.
Supervisory Responsibilities: This position has no formal supervisory responsibilities.
Minimum Required Qualifications :
- Bachelor's degree in Computer Science, Information Systems, Information Security & Assurance, Information Technology, Information Security Risk Management or related field required AND
- Seven (5) years of experience in IT Security, IT Governance, Risk, & Compliance
- Equivalent combination of education and experience, including prior relevant military service experience.
Certificates and Licenses: None required.
OTHER REQUIRED QUALIFICATIONS:
- Demonstrable understanding of security controls and risk assessment tools.
- Demonstrable understanding of information security and the relationship between threat, vulnerability, and information value in the context of risk management.
- Demonstrable understanding of risk-based decision-making.
- Demonstrable understanding of leading-edge governance-enabling technologies.
- Demonstrate experience with risk assessments and compliance with major regulatory initiatives (e.g. SOX, PCI-DSS, HIPAA, FedRAMP).
- Demonstrate experience with cyber security and information security program management and frameworks (e.g., NIST CSF, ISO/IEC 27000, etc.).
- Ability to develop relationships across functions and inspire trust and confidence through effective communication and interpersonal skills.
- Experience managing cybersecurity controls based on a thorough understanding of industry standards and regulations to protect the company from external and internal threats.
- Excellent communication and presentation skills (verbal and written).
- Project management planning and organization skills.
- Ability to identify, document, and communicate information security issues to business and information owners.
- Ability to maintain the confidentiality of sensitive information.
- Microsoft Office (Outlook, Word, Excel, PowerPoint, Project, Visio, etc.); Web proficiency.
- Ability to clear required background checks.
Desired Qualifications :
- CRISC, CISM, SANS, or other relevant information security certifications
- Knowledge of relevan
Source : Stride, Inc.