GRC Analyst Memphis, TN

Title: GRC Analyst

Duration: 6+ months

Interview: Video

Visa: US, GC, OPT/EAD, EAD/GC, H4/EAD

City: Memphis, TN

Description:

  

ALSAC is seeking a Governance Risk and Compliance (GRC) Analyst to join its collaborative team in Memphis, TN. This individual will serve a key function in the development, implementation, and maintenance of ALSAC’s GRC program, including planning and implementing policies, procedures, standards, and controls to govern the protection and privacy of corporate information systems, networks, data and third-party risk reviews. In this role, you will have the opportunity to support strategic and innovative company initiatives through technological solutions.

Requires thorough knowledge of information security practices and technologies; ability to speak and write in a clear and understandable manner for internal and external relations; understand extremely complex verbal or written instructions; understand information security issues dealing with computer hardware, software, and infrastructure.

Essential Job Functions

  • Work in the Information Security lab and work with a close team of analysts, engineers, and architects to mature the Information Security department and protect the organization and its donors.
  • Analyze and monitor enterprise information security systems and report all suspicious activity. Requires use of a personal computer.
  • Operate in an unbiased manner, maintaining confidentiality and integrity with all information security events.
  • Manage third-party vendor risk assessments while collaborating with internal and external teams.
  • Have a strong risk and audit mindset with experience in interpreting and assessing controls using compliance frameworks such as ISO 27001, SOC 2, PCI DSS, and others.
  • Collaborate on building out an improved third-party risk management program.
  • Provide analysis of information security processes and tools, recommending innovative solutions for enhancing processes, toolsets, and policies.
  • Stay up to date on industry trends and best practices by continuously learning and adapting the security program to address evolving threats.
  • Measure and report on performance by tracking key metrics (KPIs/KRIs), identifying areas for improvement, and reporting to the GRC leader and other stakeholders.
  • Assist with training personnel on information security issues.

Knowledge ordinarily acquired through attainment of a bachelor’s degree in business or information systems plus 3 years of progressive information security experience. Information security certification preferred. If no degree, must show extensive years of experience.

Requirements

  • GRC/Vendor Management tools like OneTrust, Tugboat, or Archer.
  • BitSight or SecurityScorecard.
  • While the candidate doesn’t have to know all these tools, a broad range of experience in the area which these tools cover is required.
  • Prefer CISA, CISM, CRISC or an equivalent professional certification.
  • Nice to have Security+ or similar certification or higher in the field of Information Security as well as a demonstrated interest in Information Security.

 

  • Have a strong risk and audit mindset with experience in third-party risk assessments interpreting and assessing controls using compliance frameworks such as ISO 27001, SOC 2, PCI DSS, and others.
  • Collaborate on building out an improved third-party risk management program by owning & reporting on performance by tracking key metrics (KPIs/KRIs).
  • GRC/Vendor Management tool experience like OneTrust, Tugboat, Archer, BitSight, SecurityScorecard, etc.

 

 

Relevant Skills:

| Software/Technology | Years of Experience | Date Last Used (MM/YYYY) |
| --- | --- | --- |
| Total Exp as a GRC Analyst. | | |
| Total Exp with GRC/Vendor Management tools like OneTrust, Tugboat, or Archer. | | |
| Total Exp with BitSight or SecurityScorecard. | | |
| Total Exp with risk and audit and interpreting and assessing controls using compliance frameworks such as ISO 27001, SOC 2, PCI DSS, and others. | | |
| Total Exp helping/collaborating on building out and improving third-party risk management programs. | | |
| Total Exp analyzing and monitoring enterprise information security systems and reporting all suspicious activity. | | |
| Total Exp managing third-party vendor risk assessments while collaborating with internal and external teams. | | |
| Do you hold CISA, CISM, CRISC or an equivalent professional certification? | (Y or N and please list all that apply) | |
| Do you have Security+ or similar certs or higher in the field of InfoSec? | (Y or N and please list all that apply) | |

 

 

 

Thanks & Regards

Shard Phutela | Senior Technical Recruiter

D: 267-665-2313

First Ring Solutions LLC | Philadelphia, PA 19102

Note: Due to high volume of calls, I may miss your call; email is the better way to reach me.

 
