GRC Analyst

Looking for a home in an unstable job market

If so... I have an opportunity you might be interested in. I am hiring a hybrid in Phoenix, FTE, Jr. GRC Analyst with a company that boasts an average employee tenure of 10 years and offers significant opportunities to grow from within.

***This position is only considering individuals local to Phoenix

Position Overview: Cyber Risk Management: Assists with the collection, analysis, and presentation of cybersecurity program performance metrics and key risk indicators (KRIs). With guidance, conducts regular assessments of cyber risks within applications, platforms, and processes. Documents and monitors mitigation strategies and risk management plans. Actively participates in third-party risk management by assessing the security posture of external vendors and partners.

PCI, SOX, and Privacy Compliance: Supports cross-functional teams in the implementation of regulatory and PCI-DSS controls. Processes privacy-related data subject access requests. Monitors compliance and reports effectiveness. Performs periodic gap assessments to validate compliance. Assists in managing action plans in response to audit discoveries.

Policies/Standards/Controls: Maintains cybersecurity policies, standards, and guidelines. Monitors compliance with cybersecurity control framework. Communicates policies to relevant stakeholders.

Security Awareness: With guidance, develops security awareness training programs and materials. Plans and executes cybersecurity awareness events and communication campaigns. Organizes and delivers training sessions to employees on security policies and best practices. Monitors and reports on the effectiveness of security awareness initiatives.

Qualifications: Minimum 2 (max 4) years of work experience in a cybersecurity or technical risk analysis role. Working knowledge of cybersecurity control frameworks (NIST CSF preferred), PCI-DSS, and SOX. Exceptional written and verbal communication skills that can be adjusted to relevant audiences. Analytic and problem-solving skills. Bachelor in Cybersecurity or related field or a combination of related education and work experience in an Information Security role to equal 4 years. NIST CF Experience ISP 20000 OR ISP 20009 cert Email Phishing Campaigns Ability to communicate at a high level Ability to write email/newsletters effectively and competently Microsoft Office

#J-18808-Ljbffr