GRC Analyst
To see similar active jobs please follow this link: Remote Consulting jobs
Position Summary:
The Security GRC Analyst is focused on ensuring Pax8’s security incident response is coordinated, documented, and messaged with key stakeholders. They oversee the delivery of an up-to-date incident response plan, execution of IR tabletop exercise, and day-to-day coordination of any security related incidents that require leadership involvement. Additionally, the Analyst supports the maturity efforts of the third-party risk management security program. Third party risk program focuses on internal supplier and vendor marketplace security risk reviews and assurance efforts. They are a key member of the Trust and Security team, providing guidance and direction to security professionals and collaborating with other departments across the organization.
Essential Responsibilities:
Manage inquiries and requests related to incident response through cross-functional team coordination.
Oversee execution of incident response tabletop exercises.
Participate in security program improvements and tool selection efforts aligned with the security incident response and resilience.
Develop and maintain security procedures for incident management and response by defining and documenting security best practices for managing an incident management process.
Stay up-to-date on industry trends and best practices by continuously learning and adapting the security program to address evolving threats.
Collaborate with other departments by partnering with IT, engineering, legal, data management office, HR, and other departments to ensure security considerations are integrated into all business processes.
Measure and report on security performance by tracking key metrics (KPIs/KRIs), identifying areas for improvement, and reporting to the GRC leader and other stakeholders.
Collaborate on building out an improved third-party risk management program that supports risk reviews of our internal suppliers and marketplace vendors.
Perform risk assessments on third parties, track security risks, and promote strong compliance practices.
Ideal Skills, Experience, and Competencies:
At least three (3) years of experience in IT security role with incident management or response related experience.
Proven experience in resilience and security incident response efforts (e.g. understand asset criticality, data classification, business impact, key stakeholder engagement and strong cross-functional communications).
Understanding of public cloud deployments and associated security risks and controls.
Experience working in a Zero Trust focused security program.
Strong understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, ISO 27001:2022 and SOC2 audit efforts).
Excellent communication, interpersonal, and leadership skills.
Recommended Education & Certifications:
B.A./B.S. in a related field or equivalent work experience.
Risk Focused Certifications such as CISA, CRISC, CISSP is a plus
Compensation:
Qualified candidates can expect a salary beginning at $76,000 or more depending on experience
Expected Closing Date: 8/16/24
#LI-Remote #LI-AG1 #BI-Remote #DICE-A
About the job
GRC Analyst
To see similar active jobs please follow this link: Remote Consulting jobs
Position Summary:
The Security GRC Analyst is focused on ensuring Pax8’s security incident response is coordinated, documented, and messaged with key stakeholders. They oversee the delivery of an up-to-date incident response plan, execution of IR tabletop exercise, and day-to-day coordination of any security related incidents that require leadership involvement. Additionally, the Analyst supports the maturity efforts of the third-party risk management security program. Third party risk program focuses on internal supplier and vendor marketplace security risk reviews and assurance efforts. They are a key member of the Trust and Security team, providing guidance and direction to security professionals and collaborating with other departments across the organization.
Essential Responsibilities:
Manage inquiries and requests related to incident response through cross-functional team coordination.
Oversee execution of incident response tabletop exercises.
Participate in security program improvements and tool selection efforts aligned with the security incident response and resilience.
Develop and maintain security procedures for incident management and response by defining and documenting security best practices for managing an incident management process.
Stay up-to-date on industry trends and best practices by continuously learning and adapting the security program to address evolving threats.
Collaborate with other departments by partnering with IT, engineering, legal, data management office, HR, and other departments to ensure security considerations are integrated into all business processes.
Measure and report on security performance by tracking key metrics (KPIs/KRIs), identifying areas for improvement, and reporting to the GRC leader and other stakeholders.
Collaborate on building out an improved third-party risk management program that supports risk reviews of our internal suppliers and marketplace vendors.
Perform risk assessments on third parties, track security risks, and promote strong compliance practices.
Ideal Skills, Experience, and Competencies:
At least three (3) years of experience in IT security role with incident management or response related experience.
Proven experience in resilience and security incident response efforts (e.g. understand asset criticality, data classification, business impact, key stakeholder engagement and strong cross-functional communications).
Understanding of public cloud deployments and associated security risks and controls.
Experience working in a Zero Trust focused security program.
Strong understanding of security best practices and frameworks (e.g., MITRE ATT&CK, NIST Cybersecurity Framework, ISO 27001:2022 and SOC2 audit efforts).
Excellent communication, interpersonal, and leadership skills.
Recommended Education & Certifications:
B.A./B.S. in a related field or equivalent work experience.
Risk Focused Certifications such as CISA, CRISC, CISSP is a plus
Compensation:
Qualified candidates can expect a salary beginning at $76,000 or more depending on experience
Expected Closing Date: 8/16/24
#LI-Remote #LI-AG1 #BI-Remote #DICE-A