Job Title - IT Compliance (GRC) Analyst
Duration - Long Term
Work Mode- Onsite (Monday-Friday)
Work Location- Irving, Tx
Position Summary:
We are seeking an IT Compliance GRC Analyst to lead internal, vendor-managed, and cloud-hosted application access reviews to ensure access appropriateness. The Compliance Analyst will report to the Sr. Information Security Manager (Governance, Risk, and Compliance) to lead and support compliance program initiatives focusing on ensuring ongoing compliance for the organization. This position requires strong compliance experience, strong technical expertise (including technology and data security), proactive problem-solving skills, and the ability to work in a fast-paced environment to ensure our systems and data meet internal and external regulatory requirements.
PRINCIPAL DUTIES AND RESPONSIBILITIES (May perform any or all of the following):
- Lead internal, vendor-managed, and cloud-hosted application access reviews to ensure access appropriateness.
- Develop, maintain, and improve access review methodology.
- Work with business units, control owners, and IT support staff to remediate access where deficiencies are identified.
- Ensure compliance with the applicable Board policies and Standard Operating Procedures per periodic access reviews.
- Identify manual security compliance controls that can be improved through automation and design and/or work with internal teams for said automation.
- Recommend new security compliance metrics and automate reporting of existing metrics.
- Actively review, test, analyze and report on the effectiveness and state of all required logical security controls.
- Present data, metrics, and other findings to key internal stakeholders.
REQUIRED KNOWLEDGE, SKILLS AND ABILITIES
- 5+ years of proven experience in security compliance and assessments.
- Experience and proficiency in Security Compliance and Regulatory Concepts, exemplified by a comprehensive understanding of relevant laws, regulations, and industry standards
- Experience applying in-depth understanding of governance, risk and compliance (GRC) in the realm of information security principles and best practices.
- Experience and proficiency in conducting user access reviews and implementing and delivering effective mitigation strategies to ensure the safety and security of systems and operations
- Experience and knowledge of regulatory frameworks such as GDPR, HIPAA, PCI DSS, or ISO 27001
- Experience applying meticulous attention to detail to ensure accurate and thorough analysis of security controls and compliance measures
- Experience demonstrating extensive knowledge of best practices and industry standards such as NIST SP 800-53, and the Center for Information Security (CIS) Benchmarks.
- Detail-oriented approach, especially in addressing audit findings, and implementing compensating control where appropriate
- Excellent problem-solving and troubleshooting skills
- Effective communication skills for technical and non-technical audiences
- Adaptability to new technologies and changing security landscapes
- Collaborative working with teams and cross-functional departments.
- Commitment to continuous learning in disaster recovery concepts
Minimum Requirements - Master’s degree in Cybersecurity, Information Technology, or a related field.
- Advanced certifications like Certified Information System Security Specialist (CISSP), Certified Information Security Auditor (CISA), or Certified Information Security Manager (CISM).
Efforts - Works in an office environment
- May perform visual verification surveys in the field.
- May sit for prolonged periods of time.
- Uses keyboard devices and computer monitors.
- Uses near-visual acuity in reading written documents
- Uses substantial reasoning in performing analysis and in solving problems
- Exchanges information by phone, computer, in writing, and in person.
- Drives to locations on Airport property.
ABOUT ISHIR
ISHIR is a digital innovation and enterprise AI services provider. We work with startups and enterprises to shape the future through accelerated innovation, deep technical expertise, access to global digital talent and a passion for complex problem-solving. With our help, our clients overcome their most difficult digital challenges leveraging AI.
We are not just consultants, we are partners in our clients’ success, assisting them with re(gaining) competitive edge by identifying opportunities for differentiation, industry disruption, scalable innovation, and go-to-market strategies that deliver successful outcomes.
At ISHIR, we help bold businesses accelerate innovation through Talent, Speed-to-Market, and AI. We help make an impact by solving real problems using innovation, improved customer experiences and the right technologies.
As an ISHIR employee, you will get the advanced training you need to be successful, and the opportunity to apply it. You must be passionate about technology, crave responsibility, and be eager to apply your knowledge to real business solutions for our startup and enterprise customers. These are the qualities of a person destined for success at ISHIR.
ISHIR attracts a special type of individual—someone who is proactive, thrives on challenges, feeds off success, and looks at moving targets not as obstacles but as opportunities. ISHIR is an exciting place to work. It is imbued with an entrepreneurial spirit and promotes self-reliance, open communication, and collaboration.
•
Last updated on Oct 15, 2024