Senior Governance, Risk & Compliance Analyst

Summary

The Senior Governance Risk & Compliance (GRC) Analyst will ensure the integrity, confidentiality and availability of the Firm’s information via risk assessments, audits, controls testing, policy and procedure and compliance initiatives and operational duties. The successful candidate will support various GRC initiatives and work on a diverse set of security related tools and applications.

Essential Duties and Responsibilities

• Perform information security risk assessments and assess the control environment of the business processes and applications under review, including both manual and automated processes in accordance with the information security program.
• Create, analyze and develop risk assessment/audit reports and remediation plans resulting from the identification of risks and vulnerabilities discovered during audits/risk assessments.
• Lead initiatives to get the Firm compliance certifications such as ISO2700 series, NIST, etc.
• Lead client assessments of our Information Security Program.
• Lead risk assessments of third-parties as part of the Vendor Risk Management program
• Monitor and audit the Firm’s File Monitoring tool and other access control tools to ensure compliance with Firm policies and industry best practices.
• Assist in maintaining updated list of information security laws and regulations and ensure compliance.
• Provide ongoing Information Security training to Firm employees.
• Monitor various security tools and applications.
• Respond to security incidents.
• Assist with Security Operation duties.

Knowledge, Skills, and Abilities Required

• Strong knowledge of Information Security domains, concepts and principals.
• Strong knowledge of local and global Information Security, privacy and compliance regulations.
• Strong knowledge of Information Security frameworks such as ISO 27000, NIST, COSO and COBIT.
• Hands-on experience with security tools such as DLP, SIEM, NAC, A/V and EDR, etc.
• Excellent documentation skills.
• Detail-oriented and able to meet tight deadlines.
• Excellent written, verbal and interpersonal skills.
• Highly motivated self-starter with an inquisitive personality.
• Desire and ability to learn new skills and concepts.

Education and Experience

• Bachelor’s degree in related field or discipline.
• Minimum five years in Information Security environment.
• CISSP, CISA, GIAC and other Industry Certifications considered a plus.

Firm provides competitive compensation and benefits to its employees ensuring that they attract and retain the most talented individuals. The expected base salary for this role ranges from $200,000 – $210,000. The base salary offer is based on a variety of factors which includes, but is not limited to, qualifications, education and experience.

*The above is intended to describe the general content of and requirements for the performance of this job. It is not to be construed as an exhaustive statement of essential functions, responsibilities or requirements.