GRC Security Analyst II

Request Technology, LLC, Lake Forest, IL 2 weeks ago

Full Time
$100,000 – $125,000
Job Description
***We are unable to sponsor as this is a permanent full time role***

A prestigious company is on the search for a GRC Security Analyst II. This fortune 500 company is looking for a strong GRC analyst with 3+ years of experience. This analyst needs experience with creating and updating company policies, procedures, and standards. The analyst needs experience working with frameworks such as NIST, PCI DSS, HIPAA, etc. The client is looking for someone with certifications such as CISM, CISSP, CISA, etc.


Works with business teams across the global organization to execute the Information Security, Governance, Risk & Compliance strategy, extending processes as necessary to help business partners identify information security risks and manage risks to an acceptable level
Collaboratively works to influence and socialize Information Security controls, standards, policies, procedures, and communications.
Advises process owners globally on Information Security controls needed for the mitigation of risks in accordance with the Information Security Process, Risk & Controls framework, and in compliance with regulatory requirements and industry standards
Track compliance to regulatory and industry standards, including NIST Cybersecurity Framework (CSF), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes Oxley (SOx) ITGCs.
Creates comprehensive and various levels of Information Security metrics and reporting for leadership.
Provides guidance with respect to needed changes to established Information Security policies based on day-to-day interactions with Client businesses.
Proactively provides relevant inputs to the global risk framework based on the latest government and industry information regarding new threats and vulnerabilities and communicate relevant information to appropriate teams, soliciting action plans if needed.
Coordinates deployment and measurement of Information Security awareness and training efforts across Client global business units and subsidiaries.
Ensures that adequate information security contractual protections are included in third party vendor contracts by working with the Indirect Procurement, Data Privacy and the Legal teams.
Monitors and manages the Information Security risk register to ensure that all Information Security risks are accurately represented and actively managed.
Recognizes opportunities to balance risk and creativity in quickly responding to business opportunities
Aligns individual goals to Information Security and Technology team goals with S.M.A.R.T. objectives


3+ years of experience in Information Security Governance, Risk and Compliance
Effective analytical, negotiation, facilitation, interpersonal, and stakeholder management skills
Strong verbal and written communication
Strong attention to detail
Experience creating and updating company policies, procedures and standards.
Experience working with NIST CSF (or similar) security framework, PCI DSS and HIPAA standards in operational IT environment required
CISSP (Certified Information Systems Security Professional) certification, CISA (Certified Information Security Auditor), CISM (Certified Information Security Manager), CRISC (Certified in Risk and Information Systems Control) or CIPP (Certified Information Privacy Professional) certifications helpful, but not required
Operational experience in applying risk frameworks to technologies (including cloud, containers) and continuous processes (including DevOps and Agile software deployment) very helpful
Working knowledge of compliance tools such as the Unified Compliance Framework (UCF) Common Controls Hub (CCH), and Information Risk Management tools helpful, but not required

Request Technology, LLC
Dice Id : napil006
Position Id : 6847816
Originally Posted : 2 weeks ago
Have a Job?
Learn About Dice
About Us
Contact Sales
Contact Us
Privacy Policy
Do Not Sell My Personal Information
Work at Dice
Dice Services
Browse Jobs
Browse Companies
Browse Salaries
Skills Center
Social Recruiting
Dice Everywhere
Twitter Facebook
App Store
Google Play
Copyright ©1990 – 2021 Dice. All rights reserved. Use of this site is subject to certain Terms and Conditions.

Dice is a DHI Service