Information Security Governance, Risk and Compliance (GRC) Analyst

The ideal candidate is a self-starter with a passion for building relationships and collaboration. The candidate should have strong written and verbal communication skills.

Sample Duties and Responsibilities:

• Ability to read, comprehend, and analyze published:
  • laws and regulations, security policies and standards, and information sharing agreements.
  • leading security frameworks such as the National Institute of Standards and Technology (NIST) Cyber Security Framework.
  • security requirements of the Payment Card Industry Data Security Standard and the maintenance of effective controls in our retail networks.
• Actively participate in risk assessments with the team and facilitate the implementation of security safeguards across IT.
• Develop tracking for ongoing risk mitigation work and the maintenance of security safeguards.
• Track security safeguards for several compliance programs including Payment Card Industry Data Security Standard (PCI-DSS), Social Security Administration (SSA), Federal Motor Carriers Safety Administration (FMCSA), Criminal Justice Information Services (CJIS), and agency requirements for issuance of Real ID in Massachusetts.

About You
Required

• Two plus (2+) years of training or practical experience in IT Operations
• Two plus (2+) years of training or practical experience in Information Security Risk Management
• Strong work ethic, great time management, and highly inclusive team player
• Effective verbal and written communicator, with excellent writing skills
• Authorization to work indefinitely in the U.S.

Preferred:

• Bachelor's degree or equivalent in Cyber/Information Security
• Industry certifications such as CISSP
• Previous experience on a GRC team in a large organization
• Previous experience with using enterprise GRC tools .