Tech Lead

Job Summary

Information Security GRC Analyst The Information Security GRC Analyst provides expertise in the areas of Information Security policy creation and development, security awareness and training, metrics reporting, presentation development, project management, and governance of an enterprise security program. The ideal candidate has experience identifying and incorporating cyber security policy development best practices and proactively crafting policy recommendations that can be applied to technology systems and business process. RESPONSIBILITIES Develop and support information governance policies and processes in collaboration with business and technical teams that are aligned with business goals Support processes for regulatory audits and efficiency improvements in collaboration with stakeholders. Understanding of data privacy laws and regulations. Communicate effectively and actively seek alignment with business expectations Act as a liaison and conduit for information flow between the IT organization and the business Identify project issues and risks and develop risk mitigation plan to address Ensure adherence to established company and PMO and Governance processes Assist with the reporting of key performance indicators related to the information security program Prepare information security training, education, and awareness activities appropriate for campus audiences. Collaborate with information security technical experts as needed to augment or further develop information security training, education, and awareness activities appropriate for campus audiences. Maintain knowledge of PCI DSS, ISO27001, and NIST Cybersecurity Framework Perform other duties, as assigned MINIMUM REQUIREMENTS Proficiency in using GRC tools and software to streamline and automate risk and compliance processes (i.e., AuditBoard) Skilled in audit management and experience liaising with third party auditors Able to work in a complex, global environment, actively and effectively managing relationships with other business units and stakeholders Skilled in communicating technical requirements with non technical stakeholders Excellent oral and written communication skills Excellent problem solving and analytical skills Strong time management skills, including effective responsibility prioritization Strong analytical and problem solving skills to identify and assess security risks and develop appropriate mitigation strategies Familiarity with various cybersecurity frameworks such as NIST Cybersecurity Framework, ISO 27001, CIS Controls, etc.