GRC Analyst

2 weeks ago


Atlanta, Georgia, United States VerSprite Full time

VerSprite

VerSprite is an Inc. fastest-growing company and an industry leader in PASTA threat modeling. Founded in 2007, VerSprite is a private cybersecurity consulting firm helping organizations tighten their risk-gaps with evolved security solutions and advanced threat intel tools.

VerSprite has a 97% client retention rate, providing organizations with services like penetration tests, evolved red teaming engagements, vCISO, vSOC, and VerSprite's advanced security tools: Cloud Security Assessment Platform and Cyber Threat Intelligence Portal.


Job Description:

Summary: We are seeking a highly motivated and experienced GRC Consultant with a strong focus on risk management to join our team. The ideal candidate will be responsible for identifying, assessing, and mitigating risks that may impact our client's operations, compliance, and strategic objectives. This role requires a deep understanding of risk management frameworks, compliance standards, technical infosec tools and technologies, and the ability to collaborate effectively with cross-functional teams.

Key Responsibilities:

  1. Risk Identification and Assessment:
  • Conduct comprehensive risk assessments to identify potential threats and vulnerabilities.
  • Analyze and prioritize risks based on their potential impact on the organization.
  • Collaborate with department heads and subject matter experts to gather risk-related information.
  • Evaluate technical vulnerability reports to contextualize the actual risks presented to the business.
  • Assess network architecture and technical stacks to identify information security gaps.
  2. Risk Monitoring:
  • Continuously monitor and analyze internal and external factors that could impact the organization's risk profile.
  • Stay updated on industry trends, regulations, and emerging risks.
  3. Risk Mitigation and Control:
  • Develop and implement risk mitigation strategies and controls to reduce exposure.
  • Develop and monitor key risk indicators (KRIs) and key performance indicators (KPIs) to ensure timely detection of emerging risks.
  • Evaluate and recommend improvements to existing risk management processes and controls.
  4. Compliance Management:
  • Stay updated on relevant industry regulations, standards, and best practices.
  • Ensure compliance with regulatory requirements by developing and maintaining compliance programs.
  • Assist in the preparation of compliance reports for regulatory agencies and internal stakeholders.
  5. Reporting and Communication:
  • Prepare and deliver regular risk reports to senior management and stakeholders.
  • Communicate risk findings and recommendations effectively to different levels of the organization.
  • Collaborate with external auditors during audits and provide necessary documentation.
  • Deliver quantitative risk reports.
  6. Cross-Functional Collaboration:
  • Work closely with IT and security teams to assess and enhance cybersecurity controls.
  • Collaborate with internal departments to implement risk mitigation measures and ensure compliance.
  • Act as a subject matter expert and provide guidance on risk-related matters.
  • Act as a liaison who translates specific technical findings into contextual business risk for the organization, based on specific threats to its business sector.

Qualifications:

  • Bachelor's degree in a relevant field (e.g., Risk Management, Business Administration, Information Security) [master's degree or relevant certifications a plus] or relevant experience.
  • 3+ years of proven experience in GRC, with a focus on risk management.
  • Strong knowledge of risk management frameworks (e.g., COSO) and industry standards (e.g., ISO 31000, NIST).
  • Familiarity with compliance regulations and standards (e.g., GDPR, HIPAA, SOX).
  • Proficiency in risk assessment methodologies and tools.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Effective communication and presentation abilities.
  • Ability to work independently and in cross-functional teams.
  • Relevant certifications (e.g., CISSP, CISA, CRISC) a plus.
  • Hands-on experience in working with cybersecurity tools to determine technology risks strongly preferred.

Benefits

We offer a competitive compensation package where you'll be recognized for the value you bring to our business, along with:

  • Opportunities to develop new skills and progress your career;
  • The freedom and flexibility to handle your role in a way that's right for you; and
  • A collaborative environment where everyone works together to create a better working world

If this seems intriguing to you, please apply. We will reach out promptly to discuss your fit and additional job details.


