Security Assurance Analyst (Cyber GRC) - Nuix
Herndon, VA 20171
About the Job
Description
Nuix creates innovative software that empowers organisations to simply and quickly find the truth from any data in a digital world. We are a passionate and talented team, delighting our customers with software that transforms data into actionable intelligence across the globe
We provide innovative solutions across eDiscovery, information governance, forensic and electronic investigations for more than 2,000 customers in over 75 countries. Our customers include top financial institutions, corporations and government departments, all tier-one advisory firms; and litigation support vendors.
What you will be doing:
We are actively seeking a highly skilled and experienced Cyber GRC (Governance, Risk, and Compliance) Analyst to join our dynamic team. The Security Assurance Analyst (Cyber GRC) will take full ownership of our cybersecurity governance, risk management, and compliance initiatives globally. This role requires an in-depth understanding of cybersecurity principles, regulatory requirements, and industry best practices to ensure that our assets are well secured and the integrity of our operations is maintained at all times.
This position will be based in our Herndon office. The candidate is required to attend the office a minimum of 2-3 days per week but may voluntarily elect to work either remotely or from the Herndon office for the remaining days of the week.
We provide innovative solutions across eDiscovery, information governance, forensic and electronic investigations for more than 2,000 customers in over 75 countries. Our customers include top financial institutions, corporations and government departments, all tier-one advisory firms; and litigation support vendors.
What you will be doing:
We are actively seeking a highly skilled and experienced Cyber GRC (Governance, Risk, and Compliance) Analyst to join our dynamic team. The Security Assurance Analyst (Cyber GRC) will take full ownership of our cybersecurity governance, risk management, and compliance initiatives globally. This role requires an in-depth understanding of cybersecurity principles, regulatory requirements, and industry best practices to ensure that our assets are well secured and the integrity of our operations is maintained at all times.
This position will be based in our Herndon office. The candidate is required to attend the office a minimum of 2-3 days per week but may voluntarily elect to work either remotely or from the Herndon office for the remaining days of the week.
Key Responsibilities
- Develop and implement cyber governance, risk, and compliance frameworks tailored to the unique needs of our software products and services.
- Conduct comprehensive risk assessments to identify potential threats, vulnerabilities, and gaps in our security posture.
- Collaborate with internal stakeholders to establish and enforce security policies, standards, and procedures.
- Lead compliance efforts to ensure adherence to industry regulations, standards, and best practices (e.g., ISO 27001, FedRAMP, NIST, IRAP, E8, PCI-DSS, and CPS-234).
- Manage third-party risk assessments and vendor security evaluations to mitigate supply chain vulnerabilities.
- Oversee the execution of security awareness training programs to foster a culture of cybersecurity awareness among employees.
- Coordinate and support internal and external audits, responding to findings and implementing corrective actions as necessary.
- Stay abreast of emerging cyber threats, regulatory developments, and industry trends to proactively address potential risks.
- Provide regular reports and updates to senior management on the effectiveness of cyber GRC initiatives and the overall security posture.
- Foster a culture of continuous improvement by identifying opportunities to enhance processes, technologies, and controls.
Skills, Knowledge and Expertise
- Bachelor’s degree in computer science, Information Security, or a related field with at least one professional certification, such as CISA, CISM, CRISC, or CISSP.
- 5-7 years of experience in cybersecurity, risk management, or compliance roles.
- Strong understanding of cybersecurity principles, frameworks (e.g., ISO 27001, FedRAMP, NIST, IRAP, E8, PCI-DSS, and CPS-234), and regulatory requirements.
- Experience with contemporary software development lifecycle (SDLC) security practices, DevOps, DevSecOps and cloud security principles.
- Experience with GRC platforms and tools is advantageous.
- Excellent communication skills with the ability to articulate complex technical concepts to non-technical stakeholders.
- Proven leadership abilities with a track record of successfully managing cross-functional teams and driving initiatives to completion.
- Analytical mindset with the ability to assess risks, prioritise tasks, and make data-driven decisions.
- Strong project management skills with the ability to multitask and meet deadlines in a fast-paced environment.
As we expand our global team and extend our skills and expertise, we are unified as one Nuix team guided by our shared values.
Nuix Vision
Nuix Vision
Finding Truth in a Digital World.
Nuix Mission Statement
Nuix creates innovative software that empowers organizations to simply and quickly find the truth from any data in a digital world. We are a passionate and talented team, delighting our customers with software that transforms data into actionable intelligence.
Nuix Values
· TAKE OWNERSHIP
· RESILIENT
· UNAFRAID
· TEAM NUIX
· HERO OUR CUSTOMERS
We believe in these principles and seek to weave them into the fabric of our daily work at Nuix. In doing so, we co-create a dynamic and purposeful company culture that we can be proud of and want to belong to.
Source : Nuix