Senior Security GRC Analyst

Job Description

VANRATH are pleased to be working with a leading law firm who are seeking to recruit a Senior Security GRC Analyst.
Responsibilities:

  • Participate in and lead all aspects of the IT audit function, including planning, audit program development, control analysis, testing, issue development, and reporting
  • Respond to client information security audits in a timely, accurate, and effective manner
  • Provide effective responses to client Request for Proposals and Requests for Information in support of the business development function
  • Ensure that scoped systems are monitored and audited relative to the requirements set forth in the firm's ISMS
  • Report on compliance with the firm's information security policies and procedures
  • Monitor control systems to ensure that appropriate information access levels and security clearances are maintained
  • Provide guidance and support for the System Governance Virtual Team
  • Coordinate internal and external audit engagements with constituents
  • Provide status reports to the IT GRC Manager, Associate Director and other ISMS stakeholders
  • Maintain records of audit findings and ensure that corrective actions are implemented per the agreed remediation schedule
  • Develop standardized responses and documentation for external audits
  • Develop and provide metrics evaluating the effectiveness of the IT GRC function, and IT GRC's compliance with assigned ISMS responsibilities
  • Provide guidance to Legal regarding acceptable contract terms and conditions
  • Review and redline security schedules and other security requirements associated with proposed client contracts
  • Provide input into policies, standards and procedures. Author standards and procedures designed to safeguard sensitive information
  • Contribute to the Firm's security-related information repositories and other marketing/awareness endeavours
  • Monitor the latest developments in the IT GRC discipline and utilize that knowledge for continual improvement by providing formal and informal strategic and tactical plans and roadmaps to the IT GRC Manager and other stakeholders
  • Mentor junior members of the IT GRC group


Skills and Experience:
Technical Knowledge and Skills

  • Thorough understanding of security concepts and best practices
  • Authoritative understanding of audit principles applied to common information security domains such as security policy, organizational structure, asset management, human resources, physical security, operations, communications, access control, development and acquisition, incident management, business continuity, and compliance
  • Authoritative understanding of principles, theories, techniques, and methods of information system analysis and risk assessment
  • Authoritative understanding of security frameworks such as ISO 27001, NIST, SANS CSC
  • Working knowledge of common information systems such as Active Directory, networking, endpoint management, application development principles, cloud security and SQL
  • Working knowledge of common GRC and vendor risk management platforms
  • Proficient in the use of Microsoft Excel, Word and other office automation software
  • Capable of providing assistance with the preparation of internal training materials and documentation


Non-Technical Skills

  • Sufficient business acumen to understand the business drivers associated with risk management concepts, particularly those affecting client audits, RFPs, and contractual terms
  • Functional leadership skills such as the ability to direct the action of others, to facilitate meetings, and to report status in a clear and concise manner
  • Strong written and oral communication skills. Ability to convey complex concepts to non-technical constituents. Proficiency in oral and written English
  • Strong project management, analytical and interpersonal skills
  • Ability to set priorities independently given broad executive requirements
  • Demonstrates flexibility in response to the ever-changing priorities of a service provider organization
  • Passionate in the practice and pursuit of IT GRC excellence
  • Provide exemplary customer service by striving for first call resolution and demonstrating empathy, respect, professionalism, and expertise
  • Maintain critical thinking and composure under pressure
  • Gather and analyze facts, draw conclusions, define problems, and suggest solutions
  • Internalize and act upon constructive feedback
  • Adopt new skills and improve existing skills in a dynamic environment


Minimum Education / Experience
Education

  • Possess a Computer Science, Information Assurance, or Information Systems Bachelor's Degree or substantial equivalent experience


Experience

  • Strong practical experience in information security technical operations
  • Strong management or supervisory experience in information security with a focus on IS audit, compliance, and risk management