Job Description

About the job GRC Analyst Position Summary Our client is the premier sports entertainment organization based in the DFW. We are looking for a Governance, Risk and Compliance (GRC) Security Analyst to join our cybersecurity team. Our cybersecurity team focuses on managing cybersecurity functions across the organization, working to ensure the protection of our critical assets and data. As a GRC security analyst, you will be a valued member of a fast-paced, innovative, and collaborative cybersecurity team. The GRC security analyst position is responsible for enabling the organization to comply with industry and regulatory requirements and standards for cybersecurity. As a GRC analyst you will play a vital role in ensuring the confidentiality, integrity, and availability of our organizations information assets. You will be responsible for identifying, assessing, and managing information security risks, as well as implementing and maintaining governance frameworks to support the organization's cybersecurity objectives. The GRC security analyst is expected to support and maintain the cyber risk management strategy for the organization. Working with security leadership, the GRC security analyst will routinely assess and validate the assurance of the security program. As a primary point of contact for internal and external auditors, the GRC security analyst will monitor progress and support resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the GRC security analyst will focus on strong risk management and corporate resiliency. Essential Job Duties Conduct enterprise-wide, ongoing risk analysis in coordination with compliance and security. Maintain oversight in a GRC-related platform. Identify and address weaknesses in the security program as they relate to privacy, cyber risk, business resiliency and compliance frameworks. Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation. Support oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered. Analyze and document findings, and recommend and report program gaps to security leadership. Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures. Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership. Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes. Attend and fully engage in change and project management meetings. Liaison with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws. Develop and implement risk mitigation strategies and controls to address identified risks and ensure compliance with security standards and regulations. Establish and maintain information security governance frameworks, policies, and procedures to guide the organization in managing and protecting sensitive information. Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws. Perform other duties as assigned. Skills and Experience 7+ years of experience in cybersecurity, with extensive expertise in Governance, Risk, and Compliance (GRC) and deep knowledge of risk management principles. Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities. Experience and understanding of various cybersecurity standards, including but not limited to ISO 27001 and NIST. Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business. Ability to work independently and collaboratively in a fast-paced environment. Attention to detail and a strong commitment to maintaining the confidentiality and integrity of information assets. Additional Qualifications Prior experience with leading GRC systems from vendors such as RSA, MetricStream and Riskonnect. Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements. Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats. Successful track record of managing external entities contracts and relationships, and mitigating risks to business development opportunities. Familiarity with state, federal and international privacy laws. Education Requirements Bachelors degree in computer science, information assurance, MIS or related field, or equivalent industry experience. Certification Requirements Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or GRCP. Btechnical Group LLC

Job Tags

Similar Jobs