JOB TITLE: Sr Security Analyst GRC (Risk & Reporting)
LOCATION: Santiago DR
MODALITY: Remote
SCHEDULE: Mon - Fri 09:00 AM - 06:00 PM

GENERAL DESCRIPTION OR PURPOSE OF JOB:
This role will collaborate with cross-functional teams to collect and assess evidence to satisfy security requirements. The individual must be a motivated team player with a positive attitude, solid interpersonal skills, and someone who can quickly take ownership within their area. The individual must be hands-on, work under minimal supervision, and be able to work in a fast-paced environment.

RESPONSIBILITIES / ESSENTIAL FUNCTIONS:

Risk Registry and Issues Management:
- Lead the development and maintenance of the Information Security risk registry, ensuring that all identified risks are properly recorded, assessed and monitored.
- Track issues and action plans related to risk mitigation and compliance findings.
- Follow up with control owners to ensure timely resolution of issues and deficiencies.
- Support the development and maintenance of the organizational risk appetite statement and risk tolerance levels.

Metrics and Risk Reporting:
- Regularly collect and report security metrics
- Analyze data to identify trends, potential areas of concern and opportunities for continuous improvement within the Information Security program.
- Develop, track and report on related to governance, compliance, risk and privacy program effectiveness.
- Work with Information Security Subject Matter Experts (SMEs) on more effective reporting on the Information Security posture across the enterprise.
- Ensure data integrity and accuracy in all Information Security reporting.
- Create dashboards and presentations to communicate Information Security performance, risk posture and compliance status to various stakeholders, including senior leadership.

While the primary role is Risk and Reporting, the candidate will be asked to back up other GRC activities.

Additional Duties and Responsibilities:
- Jostens Information Security Program: Assist in the development, maintenance and communication of policies, standards and procedures.
- Audit/Assessments: Facilitate audits and assessments of IT programs and individual components to determine compliance with published standards (e.g. SOC2, SOX, ISO27000, PCI, etc.).
- Vendor Management: Assist in Third-Party Risk Management as needed
- Training: Develop, plan, coordinate, deliver and/or evaluate training courses.
- Privacy: Coordinate with legal and IT teams on privacy requests.
- Incident response: ensure proper documentation and post-incident analysis.

Required:

Education:
- Bachelor's degree in Business or Accounting, Information Security, Information Management Systems, Cybersecurity or other applicable area, or related work experience.

Experience:
- Minimum 5 years in Information Security, IT Compliance, IT Audit or related role
- Hands-on experience with risk management
- Experience with GRC/third-party management tools (e.g. Archer, OneTrust, ZenGRC, etc.)
- Strong understanding and working knowledge of risk management principles, issue tracking and risk reporting
- Understanding of metrics and reporting

Professional Skills and Knowledge:
- Excellent analytical and problem-solving skills
- Strong written and verbal communication skills
- Ability to work with technical and non-technical teams.
- Ability to collaborate with cross-functional teams and external partners.
- Attention to detail with experience prioritizing and managing multiple projects with competing priorities.
- Certification applicable to a role in Information Security Governance, Risk and Compliance (e.g. CISSP, CISA, CISM, CRISC, CRMA) is preferred.

Required Experience: Senior IC