GRC Analyst

Responsibilities:

Policies, Standards, and Controls:

• Maintain cybersecurity policies, standards, and guidelines.
• Monitor compliance with the cybersecurity control framework.
• Communicate policies to relevant stakeholders.

Security Awareness:

• Develop security awareness training programs and materials under guidance.
• Plan and execute cybersecurity awareness events and communication campaigns.
• Organize and deliver training sessions to employees on security policies and best practices.
• Monitor and report on the effectiveness of security awareness initiatives.

Cyber Risk Management:

• Assist in collecting, analyzing, and presenting cybersecurity program performance metrics and key risk indicators (KRIs).
• Conduct regular assessments of cyber risks within applications, platforms, and processes with guidance.
• Document and monitor mitigation strategies and risk management plans.
• Actively participate in third-party risk management by assessing the security posture of external vendors and partners.

PCI, SOX, and Privacy Compliance:

• Support cross-functional teams in implementing regulatory and PCI-DSS controls.
• Process privacy-related data subject access requests.
• Monitor compliance and report on its effectiveness.
• Perform periodic gap assessments to validate compliance.
• Assist in managing action plans in response to audit discoveries.

Education/Experience:

• Minimum 2 years of work experience in a cybersecurity or technical risk analysis role.
• Working knowledge of cybersecurity control frameworks (preferably NIST CSF), PCI-DSS, and SOX.
• Exceptional written and verbal communication skills adaptable to various audiences.
• Analytic and problem-solving skills.
• Bachelor's degree in Cybersecurity or related field, or a combination of related education and work experience in an Information Security role equivalent to 4 years.