Role - Sr. GRC Analyst
Location - Santa Clara, CA
Job Description:
- Excellent understanding and practical application of industry security frameworks including SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2.
- Great understanding of IT control frameworks (COBIT) and IT general controls
- Strong knowledge of information security concepts, risk and controls concepts
- Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2), PCI DSS, etc.
- Strong knowledge of security control domains such as Asset Management, Configuration Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc.
- Proficiency in a wide spectrum of technical security controls encompassing logical access control, encryption, data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies.
- Expert in conducting vendor risk assessments, understanding the risk exposure of technology deficiencies, and translating them to business impact
- Strong domain experience in security risk assessments
- Working knowledge of risk treatment and exception processes
- Strong knowledge of security architecture design and review, including key security controls related to authorization, authentication, and encryption of data in transit/at rest
- Ability to configure and/or maintain 3rd party customer audit management tools (such as OneTrust Compliance Automation or a similar tool) for automated evidence collection to support customer audits is a plus
- Ability to configure and/or maintain 3rd party vendor risk management tools (such as OneTrust vendor assessment or a similar tool) for third party risk assessments is a plus
- One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer
- Open to learning and working on new domains and technology
- Good written and spoken communication skills to explain and articulate technical concepts effectively to stakeholders, including system engineers and auditors
- Strong attention to detail and diligence