The GRC Analyst is responsible for assessing and documenting the Bank's compliance and risk posture as they relate to its information assets.
The purpose of this position is to provide highly skilled technical and information security expertise for development and implementation of the information security risk management program. Responsibilities require leadership and project management experience, as well as expertise to ensure effective system-wide security analysis; intrusion detection; standards and testing; risk assessment; awareness and education; and development of policies, standards and guidelines.
Qualifications:
5-7 years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management.
Applicable information security management, governance, and compliance principles, practices, laws, rules, regulations, and frameworks such as GLBA, FFIEC and NIST;
Information technology systems and processes, network infrastructure, data architecture, data processes, and protocols;
Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration;
Information systems auditing, monitoring, controlling, and assessment process;
Incident response management;
Risk assessment and management methodology.
Proficiency using Microsoft Office software products such as Word, Excel, and PowerPoint.
Developing and implementing enterprise governance, risk, and compliance strategy and solutions;
Researching and locating information related to internal and external organizations using online and other sources;
Security project management and planning;
Troubleshooting and operating a computer and various software packages;
Defining problems, collecting and analyzing data, establishing facts and drawing valid conclusions;
Using judgment and ingenuity in maintaining objectives and technical standards;
Effectively communicate technical issues to diverse audiences, both in writing and verbally;
Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process;
Handle sensitive and confidential matters, situations, and data;
Certification in any of the following is a plus: CISA, CRISC or CISSP.
- Bachelor's Degree in Business Administration, Risk or related field required or equivalent
- Equal Opportunity Employer/Protected Veterans/Individuals with Disabilities.
- Please view Equal Employment Opportunity Posters provided by OFCCP here.
- The contractor will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information. 41 CFR 60-1.35(c)
- Reasonable accommodation may be made to assist individuals with disabilities to complete the online application process. Please contact our Human Resources Department at 305-577-7680 or by e-mail at email@example.com.