GRC Security Specialist

This position will develop, integrate and administer complex enterprise GRC workflows, data, system integration and related tools. Other key activities include working with Information Security, Information Technology and business stakeholders to understand and support their use of the IT GRC platform and to ensure Information Security controls are managed though out a full lifecycle that includes policies, procedures, implementation, metrics, and assurance requirements.  

The GRC Security Specialist - Intermediate should also have the knowledge of industry best practices for Information Security GRC, industry recognized information security frameworks, proficiency in multiple development languages, database expertise, a robust knowledge of the security of information systems and techniques required to protect the confidentiality, integrity, and availability of sensitive information. Strong interpersonal and communication skills, critical thinking, analytical and problem-solving skills are required to avoid checkbox mentality and tackle unexpected challenges by coming up with intelligent ways of providing functionality and security. This role is focused on the GRC system and using a REST API service to integrate with other enterprise technology tools. The individual must have an excellent understanding of information security program needs, risks, along with project management experience. The individual should be able to work well under pressure, independently, and be able to perform effectively in a team setting to achieve organizational goals.

‍

‍

‍

• Develop workflows and administer enterprise GRC solution
• Integrate enterprise GRC with other IT systems including identity and access management, IT ticketing system, asset inventory and vulnerability management via a REST API
• Consult with customer to gather and define requirements
• Continually optimize and enhance workflows
• Provide status updates and present on GRC solution related topics to other team members in a professional manner
• Support security training and awareness program by providing GRC contents to the training teams
• Engage and work with a variety of internal departments and external organizations, including but not limited to legal firms, law enforcement agencies, and all other levels of government
• Participate in the routine administrative work of the Information Security Office (InfoSec)

‍

• Governance, Risk, and Compliance (GRC) software platform administration experience.
• Experience building and customizing GRC workflows including, forms, surveys, approval workflows, dashboards, database administration to support business and risk management processes
• General knowledge of Information Security frameworks and how to integrate the control requirements in a GRC platform
• Strong competency using Microsoft Visual Studio
• Knowledge of API’s (REST) and JSON files.
• Solid programming skills in at least one high-level language (e.g., Python, Ruby)
• Strong ability with database concepts and API implementation
• Well-versed in secure software development lifecycle procedures and concepts
• Well-versed in project management procedures and concepts
• Have soft skills, such as multi-tasking, self-starter, prioritization, time management, decision making, teamwork, presentation, communication and strong interpersonal skills
• Advanced Knowledge of Microsoft suite of applications (Word, Excel, Visio, Project, etc.)

KNOWLEDGE AND SKILLS PREFERRED:

• Navex Global’s IRM, Lockpath, software platform deployment and administration experience
• Experience building and customizing Lockpath GRC workflows
• Working knowledge of information security risk management and risk assessment methodologies.
• Expert knowledge of one or more of the following: HITRUST, HIPAA Security and Privacy Rule, Red Flags Rule, Healthcare IT Standards (HITSP),HITECH, Meaningful Use (MU), COBIT, and PCI.
• Strong background in business application, IT, and information security development
• Expert knowledge of C#, SQL, and XML
• Middleware experience with Demisto
• A diverse set of technical skills, such as IT infrastructure, operating systems, data centers, access controls, cloud security, applications security, malware protection, security monitoring, physical security controls, etc.

‍