GRC Analyst

Description:

The management, assessment, and mitigation of risks are fundamental components of our information assurance and cyber security program. This position leads the IT security risk and audit program for information systems security using generally accepted standards and frameworks for IT audit and risk management (e.g., NIST, ISO,PCI, and ISACA). The position is responsible for the development and implementation of the IT security risk and audit strategy that perform information systems and business process risk assessments and evaluate the effectiveness of technical, physical, and administrative controls to identify control weakness. This individual will interface with the Security Operations, IT Operations, and various business units to:

 Perform PCI, SOC2, ISO, and applicable cybersecurity controls-related reviews to ensure that current, new, and technology infrastructure complies with these standards and Department’s security policies.

 Plan and perform IT security controls effectiveness. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls.

 Maintain IT security risk and compliance matrix and performs management reporting. This will include IT systems controls, and business process risks to meet compliance requirements. Provide risk mitigation strategies

 Maintain Third Party Risk Management Program (TPRM) and analyze SOC-2 and other reporting including mapping to key IT security and compliance controls such as NIST, PCI, and COBIT.

 Manage IT security vulnerabilities management program aligned with PCI and NIST standards.

 Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important.

 For the most critical and sensitive assets and operations, estimating the potential losses or damage that could occur if a threat materializes, including recovery costs.

 Identifying cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as the design of technical or physical controls.

 Coordinating, tracking, and verifying remediation of audit findings.

 Documenting the results and developing a plan of action and milestones for mitigating any identified risk.

 Produce formal audit reports based on ISACA Audit Standards.

 Promotes compliance with regulatory requirements (e.g. PCI DSS) and IT best practices.

 Advanced skill level in business process mapping and documentation as well as policy and procedure development

 Recent experience in Information Security with up-to-date knowledge of the current threat landscape.

 Solid understanding of PCI DSS standards

Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to specific elections, plan, or program terms.  If eligible, the benefits available for this temporary role may include the following:

Medical, dental & vision

Critical Illness, Accident, and Hospital

401(k) Retirement Plan – Pre-tax and Roth post-tax contributions available

Life Insurance (Voluntary Life & AD&D for the employee and dependents)

Short and long-term disability

Health Spending Account (HSA)

Transportation benefits

Employee Assistance Program

Time Off/Leave (PTO, Vacation or Sick Leave)

https://www.teksystems.com/en/careers/benefits.

Posting date 10/7/2024

About TEKsystems:

Were partners in transformation. We help clients activate ideas and solutions to take advantage of a new world of opportunity. We are a team of 80,000 strong, working with over 6,000 clients, including 80% of the Fortune 500, across North America, Europe and Asia. As an industry leader in Full-Stack Technology Services, Talent Services, and real-world application, we work with progressive leaders to drive change. Thats the power of true partnership. TEKsystems is an Allegis Group company.

The company is an equal opportunity employer and will consider all applications without regards to race, sex, age, color, religion, national origin, veteran status, disability, sexual orientation, gender identity, genetic information or any characteristic protected by law.