Security/GRC Analyst
CLIENT: MBTA
JOB TITLE: Security/GRC Analyst
LOCATION: ONSITE 1 DAY A WEEK in BOSTON
DURATION: 12 MONTH CONTRACT
RATE: $55/hour on W2
We're looking for the following resource. The contract term will be for one year. This is a hybrid position (with one day required in our 10 Park Plaza office location).
Senior IT GRC Policy Analyst
The Senior IT Policy Analyst works to provide IT policies aligned with NIST security controls for the MBTA. This position will helm all policy work, including tracking and updating current policies, managing policy exceptions, and providing metrics and reporting on policy work. This position will also manage the cybersecurity awareness training program, which includes annual training, phishing training, and specialty training for specific groups within the MBTA.
Oversee and manage all policies including revisions
Develop and manage the policy exception process including metrics and reporting
Coordinate with key stakeholders on policies and standards across the MBTA
Research and evaluate policies to ensure they are current and follow all applicable laws, regulations, and guidelines
Identify and implement GRC security controls based on the NIST framework
Manage the cybersecurity awareness program including annual training, phishing training, and special group training
Collaborate within the GRC team on larger GRC projects around risk analysis and compliance requirements
Preferred Skills:
3-to-5 years' experience working with NIST Cybersecurity Framework, and familiarity with NIST 800-53 Rev. 5
3-to-5 years' experience managing a policy program including updating current policies, tracking exceptions, and developing and reporting out metrics
3-to-5 years' experience working with security content platforms and developing curricula for cybersecurity training