Cyber Security GRC Operations Analyst

We are looking for an experienced Cyber Security GRC Operations Analyst at Level 2 to join our Governance, Risk, and Compliance (GRC) team. This role is essential in ensuring that the organization meets its cybersecurity regulatory requirements, maintains strong compliance standards, and mitigates risks effectively. The ideal candidate will have hands-on experience in GRC operations, risk management, and compliance assessments.

Requirements

Key Responsibilities

Governance and Policy Development

• Assist in the development, review, and updating of cybersecurity policies, standards, and procedures to ensure alignment with industry best practices and regulatory requirements.
• Support the implementation of cybersecurity governance frameworks, including NIST, ISO 27001, and other relevant standards.
• Work closely with cross-functional teams to ensure cybersecurity policies are understood, adopted, and adhered to across the organization.

Risk Assessment and Management

• Conduct regular risk assessments to identify vulnerabilities and potential threats to the organization’s assets.
• Collaborate with business units to develop risk mitigation strategies and ensure effective risk treatment plans are in place.
• Track and report on risk mitigation efforts, providing management with updates on the risk landscape.

Compliance Monitoring and Auditing

• Monitor and assess compliance with internal policies and external regulations, including GDPR, HIPAA, and other relevant standards.
• Conduct internal audits and assessments of cybersecurity controls to ensure compliance and identify areas for improvement.
• Support the documentation and reporting requirements for regulatory compliance, including audit preparation and findings resolution.

Incident Response and Investigation

• Assist in investigating security incidents related to governance, risk, and compliance, ensuring that appropriate corrective actions are taken.
• Document incident findings and work with cybersecurity teams to implement control improvements based on lessons learned from incidents.
• Conduct root cause analyses of compliance breaches and recommend remediation actions.

Awareness and Training

• Contribute to the development of cybersecurity awareness programs focused on GRC-related policies, procedures, and best practices.
• Provide training to employees on compliance requirements and the importance of cybersecurity governance.
• Develop and deliver awareness materials on topics such as data protection, compliance obligations, and risk management.

Continuous Improvement and Reporting

• Identify and recommend improvements to GRC processes to enhance the organization’s cybersecurity posture.
• Generate reports on GRC metrics, including compliance status, risk levels, and policy adherence, for management and stakeholders.
• Stay updated on emerging cybersecurity regulations, frameworks, and best practices to keep the organization informed and compliant.

Qualifications

• Education: Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field, or equivalent experience.
• Experience: 2+ years of experience in cybersecurity governance, risk management, or compliance roles.
• Certifications: CISSP, CISM, CRISC, or other relevant GRC/security certifications preferred.

Skills and Competencies

• Technical Skills:

  • Knowledge of GRC frameworks and standards, such as NIST, ISO 27001, GDPR, and SOX.
  • Experience with GRC tools and technologies for risk assessment, compliance tracking, and policy management.
  • Understanding of risk management and assessment methodologies.

• Soft Skills:

  • Strong analytical and problem-solving skills with attention to detail.
  • Excellent written and verbal communication skills, especially in policy writing and report generation.
  • Ability to collaborate across departments and communicate GRC concepts effectively to non-technical stakeholders.