Senior Analyst GRC

5 - 7 years

0 Lacs

Posted: 2 weeks ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

As a Senior Security Engineer II GRC in Governance, Risk, and Compliance (GRC) - Risk Management, you will be instrumental in the design, implementation, and enhancement of risk management and compliance frameworks that protect our organization's digital assets. This role emphasizes strategic risk planning, policy development, and compliance management, with a focus on maintaining a strong risk posture and meeting regulatory requirements.

Key Responsibilities:

  • Facilitate the development and implementation of advanced risk management frameworks to effectively identify, assess, and mitigate potential risks within the organization's infrastructure and operations.
  • Conduct thorough assessments to identify vulnerabilities, ensuring compliance with internal policies and external regulations. Collaborate with internal and external auditors to facilitate audits and manage required remediations.
  • Contribute to the evolution of GRC policies and procedures, ensuring that they support effective risk management and adherence to relevant regulations and standards.
  • Collaborate closely with IT, legal, and cross-functional teams to integrate risk management and compliance measures into business processes, aligning with organizational objectives.
  • Maintain detailed documentation of risk management activities, compliance audits, and GRC policies, ensuring accuracy and transparency to support accountability.
  • Oversee responses to GRC-related incidents, ensuring prompt and effective remediation while monitoring for emerging risks and opportunities for improvement.
  • Provide expert guidance on GRC initiatives, staying informed about industry trends, technologies, and regulatory changes. Share knowledge and best practices with team members and stakeholders.
  • Design and deliver advanced training programs to enhance employee awareness of risk management and compliance best practices, fostering a culture of security and compliance.

Basic Qualifications:

  • Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or relevant experience.
  • A minimum of 5 years of experience in risk management, governance, and compliance within an enterprise environment.
  • Proven experience in risk assessment, risk analysis, and implementing effective risk mitigation strategies.
  • Solid understanding of risk management frameworks and methodologies (e.g., ISO 31000, NIST Risk Management Framework).
  • Familiarity with GRC tools and platforms.
  • Knowledge of regulatory and compliance requirements (e.g., GDPR, HIPAA, SOX).
  • Proficient in developing and implementing risk management policies and procedures.
  • Strong analytical and problem-solving capabilities.
  • Excellent communication skills with the ability to convey complex risk-related information to stakeholders at various levels.
  • Relevant certifications such as Certified Information Systems Auditor (CISA) or Certified in Risk and Information Systems Control (CRISC) are preferred.

Preferred Qualifications:

  • Master's degree in a related field.
  • 5-7 years of experience in risk management or a related field with a focus on governance and compliance.
  • Experience managing risk assessment projects and initiatives.
  • Advanced knowledge of security and risk management frameworks and standards (e.g., NIST, ISO 27001, COBIT).
  • Expertise in GRC platforms and tools.
  • Deep understanding of emerging technologies and their impact on risk and compliance.
  • Advanced proficiency in both quantitative and qualitative risk assessment methods.
  • Strong leadership and project management skills, with experience managing cross-functional teams and large-scale initiatives.
  • Exceptional interpersonal and communication skills, with a proven ability to build relationships with senior stakeholders.
  • Advanced or specialized certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
  • Experience with automation and scripting for risk management processes.
  • Ability to design and implement comprehensive GRC architectures and frameworks.
