Senior IT GRC Analyst

Arlington, TX - USA

Monthly Salary: Not Disclosed

Posted on: 30+ days ago

Vacancies: 1 Vacancy

Job Summary

Senior IT GRC Analyst

Job Description

Overview

CoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information analytics and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100 CoStar Group is on a mission to digitize the worlds real estate empowering all people to discover properties insights and connections that improve their businesses and lives.

We have been living and breathing the world of real estate information and online marketplaces for over 35 years giving us the perspective to create truly unique and valuable offerings to our customers. Weve continually refined transformed and perfected our approach to our business creating a language that has become standard in our industry for our customers and even our competitors. We continue that effort today and are always working to improve and drive innovation. This is how we deliver for our customers our employees and investors. By equipping the brightest minds with the best resources available we provide an invaluable edge in real estate.

As a leading member of the CoStar Group IT Governance Risk and Compliance (GRC) Team you will support the implementation of our security governance program and help drive meaningful and impactful change. You will be a key part of a growing team collaborating with a broad set of stakeholders ranging from colleagues and management in Cybersecurity Information Technology Operations Product & Development Human Resources Finance and Sales.

This position is located in Arlington VA or Richmond VA and is in office Monday through Thursday with the option to work from home on Friday.

Responsibilities

Lead third-party risk assessments for new and existing vendors including security questionnaires SOC report reviews risk scoring and reporting.
Collaborate with stakeholders in Legal Finance and Information Technology to ensure vendor contracts meet security and compliance requirements.
Maintain and enhance our third-party risk management framework aligned with industry standards and requirements such as ISO 27001 SOC 2 Type 2 PCI-DSS and Sarbanes-Oxely.
Utilize GRC toolsets and streamline processes and manage the assessment tracking reporting and monitoring of our third-party information security supply-chain at scale.
Communicate and drive change through clear articulation of risk findings and recommendations to both technical and non-technical audiences.

Basic Qualifications

A track record of commitment to prior employers
5 years of experience in Information Security Risk Management or GRC roles with a strong focus on third-party/vendor risk.
Deep understanding of ISO/IEC 27001 with experience developing control sets and the application of those control sets within a fast-paced corporate environment.
Fluency in SOC 2 Type 2 and SOC 1 Type 2 reports SIG CSA CAIQ particularly with regards to the utilization of these artifacts in the context of a risk assessment.
Strong communication analytical and project management skills.
Bachelors degree from an accredited not for profit university or college (preferably in Information Systems Cybersecurity or a related field).

Preferred Qualifications and Skills

Certifications such as CISA CISM CISSP CRISC or ISO 27001 Lead Implementer
Experience with GRC platforms such as Hyperproof OneTrust Drata etc.
Familiarity with SaaS governance and best practices.
Experience supporting compliance audits and client security questionnaires.

Whats in it for You

When you join CoStar Group youll experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed.

We offer you generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with internal training and tuition reimbursement.

Our benefits package includes (but is not limited to):

Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
Life legal and supplementary insurance
Virtual and in person mental health counseling services for individuals and family
Commuter and parking benefits
401(K) retirement plan with matching contributions
Employee stock purchase plan
Paid time off
Tuition reimbursement
On-site fitness center and/or reimbursed fitness center membership costs (location dependent) with yoga studio Pelotons personal training group exercise classes
Access to CoStar Groups Diversity Equity & Inclusion Employee Resource Groups
Complimentary gourmet coffee tea hot chocolate fresh fruit and other healthy snacks

We welcome all qualified candidates who are currently eligible to work full-time in the United States to apply. However please note that CoStar Group is not able to provide visa sponsorship for this position.

#LI-AR

CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing

Required Experience:

Senior IC

Senior IT GRC AnalystJob DescriptionOverviewCoStar Group (NASDAQ: CSGP) is a leading global provider of commercial and residential real estate information analytics and online marketplaces. Included in the S&P 500 Index and the NASDAQ 100 CoStar Group is on a mission to digitize the worlds real esta...

Senior IT GRC Analyst

Job Description

Overview

This position is located in Arlington VA or Richmond VA and is in office Monday through Thursday with the option to work from home on Friday.

Responsibilities

Lead third-party risk assessments for new and existing vendors including security questionnaires SOC report reviews risk scoring and reporting.
Collaborate with stakeholders in Legal Finance and Information Technology to ensure vendor contracts meet security and compliance requirements.
Maintain and enhance our third-party risk management framework aligned with industry standards and requirements such as ISO 27001 SOC 2 Type 2 PCI-DSS and Sarbanes-Oxely.
Utilize GRC toolsets and streamline processes and manage the assessment tracking reporting and monitoring of our third-party information security supply-chain at scale.
Communicate and drive change through clear articulation of risk findings and recommendations to both technical and non-technical audiences.

Basic Qualifications

A track record of commitment to prior employers
5 years of experience in Information Security Risk Management or GRC roles with a strong focus on third-party/vendor risk.
Deep understanding of ISO/IEC 27001 with experience developing control sets and the application of those control sets within a fast-paced corporate environment.
Fluency in SOC 2 Type 2 and SOC 1 Type 2 reports SIG CSA CAIQ particularly with regards to the utilization of these artifacts in the context of a risk assessment.
Strong communication analytical and project management skills.
Bachelors degree from an accredited not for profit university or college (preferably in Information Systems Cybersecurity or a related field).

Preferred Qualifications and Skills

Certifications such as CISA CISM CISSP CRISC or ISO 27001 Lead Implementer
Experience with GRC platforms such as Hyperproof OneTrust Drata etc.
Familiarity with SaaS governance and best practices.
Experience supporting compliance audits and client security questionnaires.

Whats in it for You

When you join CoStar Group youll experience a collaborative and innovative culture working alongside the best and brightest to empower our people and customers to succeed.

We offer you generous compensation and performance-based incentives. CoStar Group also invests in your professional and academic growth with internal training and tuition reimbursement.

Our benefits package includes (but is not limited to):

Comprehensive healthcare coverage: Medical / Vision / Dental / Prescription Drug
Life legal and supplementary insurance
Virtual and in person mental health counseling services for individuals and family
Commuter and parking benefits
401(K) retirement plan with matching contributions
Employee stock purchase plan
Paid time off
Tuition reimbursement
On-site fitness center and/or reimbursed fitness center membership costs (location dependent) with yoga studio Pelotons personal training group exercise classes
Access to CoStar Groups Diversity Equity & Inclusion Employee Resource Groups
Complimentary gourmet coffee tea hot chocolate fresh fruit and other healthy snacks

#LI-AR

CoStar Group is an Equal Employment Opportunity Employer; we maintain a drug-free workplace and perform pre-employment substance abuse testing

Required Experience:

Senior IC