Information Security Analyst, GRC

In this role your skills, experience and knowledge of information security will help the organization ensure vendors, applications and organizational changes occur within the boundaries of the organization’s risk tolerance.

The person in this role participates in projects and assessments as a security consultant or advisor on risk. Researches general and industry specific security trends. Analyzes, defines security policies and information security standards. Provides detail to project teams regarding security requirements. Creates and presents risk reports, policies, results and deliverables.

‍

‍

• Participates in projects and assessments on risk.
• Analyzes and defines security policies and standards.

‍

‍

‍

• Industry relevant certifications such as CISSP, CRISC, CISA, CGEIT, Security +.
• Effective communication skills enabling communication of complex information to various audiences both verbally and in writing.
• Ability to establish trust with partners through demonstration of knowledge and commitment to security.
• A solid understanding of the regulations and security standards that govern the protection of information such as GLBA, NAIC, HIPAA, PCI, ISO 27002 and FFIEC.
• Strong knowledge and understanding of the role of technical, administrative and physical controls in securing information.
• Confidence to recommend changes and improvements to the security program.
• Ability to manage multiple projects and engagements simultaneously.

• Understanding of the role of the Information security Program in the security of an organization’s data.

‍