Security Analyst, Governance, Risk & Compliance
Company: firstPRO Inc.
Posted on: November 24, 2022
firstPRO is now accepting resumes for a Security Analyst with a
focus on Governance, Risk & Compliance. This position will be
performed 100% remotely, but may require travel to Greensboro, NC a
couple of times per year (all expenses paid). This is a permanent hire
opportunity that comes with salary and benefits.
Update the risk register with an accurate rating of register
entries based on acceptable risk levels and progress mitigating
Lead and manage the third-party risk management function of the
information security risk management program to ensure vendor
security risks are identified and monitored.
Use established methods to assess risk both qualitatively
(impact/probability) to establish a risk rating and quantitatively
to show the impact in dollars of a realized risk (SLE/ALE), and to
determine the cost of addressing risk such that residual risk is at
an acceptable level.
Contribute to security architecture, monitoring and risk handling
by evaluating and making recommendations to management regarding
the adequacy of the security controls for TFM's information and
Lead the system-wide information security compliance program,
ensuring IT activities, processes, and procedures meet defined
requirements, policies and regulations.
Develop and implement effective and reasonable information security
and privacy policies aligned with adopted and approved frameworks.
Present new and changed policies to the information security board
for approval and once approved, communicate to the company.
Execute strategy for managing compliance with the following or
similar frameworks: PCI DSS, NIST-CSF, NIST-RMF, etc.
Manage and continuously improve TFM's security awareness program.
Plan, track progress and report on security awareness training
compliance and provide thought leadership regarding the content of
upcoming training for the company.
Communicate the value of security awareness on an ongoing basis.
Provide input on the direction of security tests, report results
and recommend appropriate remedial training for test failures.
Perform as audit liaison between IT and auditors for any external
audits. Work with auditors as appropriate to keep audit focus in
scope, maintain excellent relationships with audit entities and
provide a consistent perspective reflective of TFM's culture.
Provide guidance, evaluation and advocacy on audit responses.
Conduct periodic self-assessments against stated policy and adopted
frameworks to ensure compliance is being maintained at all
At a minimum, what you'll need:
--- B.S. Degree. Cybersecurity or IT discipline preferred.
--- Minimum of 5 years of combined experience in Information
security, compliance, technology audit, or a related field.
--- Minimum of 5 years working on an information security risk
management program or team in positions of increasing
--- Minimum of 2 years of experience working with one or more of the
following frameworks: PCI, NIST-CSF, NIST-RMF, ISO 27001.
--- Minimum of 1 year of experience using an IRM/GRC tool (e.g.
Archer, Resolver, Ostendio, KCM) to administer and maintain an
information security risk management program.
--- Minimum of one of the following security certifications: GRCP,
CRISC, PMI-RMP, CISSP, CRMA, CASP+, Security+ or other relevant
--- Experience working within a hybrid on-prem / cloud IT
--- Strong written and verbal communication skills.
--- Experience working in a collaborative team environment.
Job Type: Full-time
Pay: $120,000.00 - $140,000.00 per year
* 401(k) matching
* Dental insurance
* Flexible schedule
* Health insurance
* Life insurance
* Paid time off
* Vision insurance
* Yearly pay
* 5 years
* 8 hour shift
* Monday to Friday
Work Location: Remote