Senior analyst Job at Clover Consulting Inc., Caledonia, MI

  • Clover Consulting Inc.
  • Caledonia, MI

Job Description

Senior GRC Analyst

Hybrid - Grand Rapids, MI

*NO C2C option, client does not sponsor*

*Local Candidates Preferred*

Position Summary:

The Senior Governance, Risk, and Compliance (GRC) Security Analyst is responsible for supporting the security direction of the business and elevating the company's security posture. The Senior GRC Security Analyst is expected to support the security strategy of the business within new and existing information system capabilities. The position requires both an understanding of legacy systems, as well as new technologies and requirements. The Senior GRC Security Analyst is also responsible for maintaining the risk register and collaborating with IT teams to effectively drive risk reduction to manage corporate risk and strengthen security posture.

The role oversees the business security requirements and obligations mandated by standards and regulations such as the Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SOX), Health Information Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS). In tandem with security leadership, the GRC security analyst consistently assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the Senior GRC Security Analyst monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business.

As a key member of the security team, the Senior GRC Security Analyst must focus on strong risk management and corporate resiliency, and not be driven solely by compliance. The Senior GRC Security Analyst will report to the Manager, IT Governance, Risk & Compliance.

Here's what you'll do:

  • Conduct enterprise-wide, ongoing risk analysis in tandem with compliance and security to identify potential risk and maintain oversight in a GRC-related platform.
  • Identify strengths and weaknesses in the security program as they relate to privacy, security, business resiliency, and compliance frameworks.
  • Document and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
  • Maintain strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
  • Analyze findings, document, recommend, and report program gaps to security leadership.
  • Monitor current and proposed security changes impacting regulatory, privacy, and security industry best practice guidance.
  • Support audit practices and processes and work with the IT organization to ensure findings are remediated.
  • Document and capture qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
  • Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
  • Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
  • Foster strong relationships with internal business units and excel in risk management, technical controls, and cybersecurity communication.
  • Travel as needed to office locations and third-party on-site engagements.
  • Perform other duties as assigned.

Here's what you'll need:

  • Bachelor's degree in information assurance, MIS, cybersecurity, business, or equivalent experience.
  • Master's degree preferred.
  • At least five years of IT or cybersecurity experience (or IT coupled with cybersecurity), with at least two years in an operationally focused IT Assurance or security practitioner role.
  • Experience and understanding of various regulatory requirements and laws, including but not limited to PCI, SOX, HIPAA, and GLBA.
  • Experience with Payment Card Industry (PCI) assessments, PCI-P certification preferred.
  • Experience creating and maintaining cybersecurity policies, standards, and procedures.
  • Demonstrated knowledge of operating systems, networking security concepts, and industry best practices.
  • Demonstrated understanding of legacy and progressive technology and security controls along with respective risk.
  • Skilled at leading projects, collaborating with diverse teams, and promoting enterprise-wide risk management rigor and a security-first culture.
  • Excellent analytical, problem-solving, troubleshooting, and decision-making skills.
  • Highly organized and detail oriented, with excellent written and verbal communication skills.
  • Track record of acting with integrity, taking pride in work, seeking to excel, and being curious and adaptable.
  • Must be able to work independently and in a team setting.
  • CISSP, CRISC, CGEIT or GRCP are preferred, but not required.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.

  • Dice Id: 10108584
  • Position Id: AF-SNGRC

Job Tags

Local area
