IT GRC Analyst

Job Location: Omaha, NE - USA
Monthly Salary: Not Disclosed
Posted on: 30+ days ago
Vacancies: 1 Vacancy

Job Summary:

The North End Teleservices GRC Analyst optimizes the organization's cybersecurity posture via governance, risk, and compliance (GRC) activities. The position ensures that the organization operates within regulatory requirements, manages risks effectively, and follows internal governance policies, while performing certain functions to analyze, audit, and manage systems and processes intended to align the organization with cyber security standards such as NIST and other similar frameworks as mandated by the business. The role is a hands-on function that performs work related to controls and objectives while helping to establish and enforce company policies, security frameworks, and best practices that align with business goals and industry standards. The role also includes the identification, assessment, and mitigation of risks related to cybersecurity, data protection, and operational processes.

Key Responsibilities:

  • Development, alignment, maintenance, and regular audit of policies related to cyber security and risk, including:
    • Information Security Policy (annual review)
    • Business Continuity Plan (annual review)
    • Disaster Recovery Plan (annual review)
    • Incident Response Plan (annual review)
    • Risk Management Program (annual review)
    • Acceptable Use Policies (annual review)
    • Removable Media Policy (annual review)
    • Technology Control Plan (annual review)
    • Security Awareness and Training Policy (annual review)
    • Media Marking and Handling Policy (annual review)
    • AI Policy (annual review)
    • Other policies as assigned
  • Development, alignment, maintenance, and audit of procedures that impact cyber security controls, including:
    • Access Control Procedure
    • Operational Change Management Procedure
    • Network Access Management Procedure
    • Log Management Procedure
    • Other procedures as assigned
  • Management, execution, and follow-up related to recurring functions as assigned, including:
    • Security Awareness Training campaigns (quarterly)
    • Vulnerability Assessment reviews (monthly)
    • Log Management procedures (weekly)
    • Risk Register meetings (quarterly)
    • Tabletop exercises (annually)
    • Active network user audits (monthly)
    • Approved application audits (annually)
    • Review of employee cybersecurity training/acknowledgement program (annually)
    • Public-facing Resources Audit (annually)
    • Security Controls Assessment (annually)
    • User Access Review (annually)
    • Power continuity review (annually)
    • All aspects of Risk Management Program (as needed)
    • Other functions as assigned (as needed)
  • Execution of ad hoc cybersecurity tasks as needed
    • Routine maintenance of policies and procedures in line with business changes
    • Response to cybersecurity incidents, related logging, forensics, and action
    • Review of CISA alerts and associated Risk Register updates
    • Cybersecurity projects as assigned
    • Cybersecurity partnership management and optimization
    • Operational Change Management review discussions and form completion as needed
    • Periodic cybersecurity training for team members
    • Meetings and related follow-up
    • Cybersecurity support for customer inquiries and sales opportunities
    • Other tasks as assigned
  • Management of certain platform software and documentation as assigned, including:
    • Security Awareness Training Platform
    • Password Vault Platform
    • Section 508 Accessibility Platform
    • Other platforms as assigned
    • Governance, Risk, and Compliance documentation

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities that are required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

Technical Skills:

  • Knowledge of Security Frameworks & Regulations: Understanding of ISO 27001, NIST 800-X, CMMC, SOC 2, HIPAA, PCI DSS, and GDPR.
  • Risk Management: Ability to conduct risk assessments, identify vulnerabilities, and implement mitigation strategies.
  • Compliance Auditing: Experience with internal/external audits, compliance reporting, and policy documentation.
  • GRC Tools & Platforms: Familiarity with cyber security tools related to functions such as security awareness training, log management, vulnerability assessment, and other functions.
  • Security & IT Fundamentals: Understanding of cybersecurity principles, cloud security (AWS, Azure, GCP), and identity & access management (IAM).

Analytical & Problem-Solving Skills:

  • Risk Analysis: Ability to evaluate threats, vulnerabilities, and business impact.
  • Data Interpretation: Analyzing compliance reports, audit findings, and security metrics to improve risk posture.

Soft Skills:

  • Communication & Reporting: Ability to explain complex compliance requirements to technical and non-technical stakeholders.
  • Organization: Ability to manage job functions proactively with maximum efficiency and results.
  • Attention to Detail: Ability to perform job functions thoroughly with outcomes that align with business needs.
  • Project Management: Ability to define project targets and coordinate resources for successful execution.
  • Relationships: Ability to develop professional relationships and lead discussions that foster collaboration on cyber security initiatives.

Employees will follow the work schedule assigned and must comply with the attendance and established punctuality requirements. Maintaining regular attendance and punctuality is crucial for this position. Understanding the importance of attendance and showing up for the job every day lays the foundation for our success as a team and your successful career.

Key Qualifications:

  • Bachelor's degree in Information Security, Business Information Systems, or related field preferred.
  • 14 years of experience in GRC, cybersecurity, audit, or risk management (depending on level).
  • Experience with GRC tools (e.g., ServiceNow GRC, Archer, OneTrust, LogicGate, Drata, Vanta).
  • Strong organizational and time management skills.
  • Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint) and video conferencing tools.
  • Excellent verbal and written communication skills.
  • Strong understanding of risk management principles and compliance frameworks.
  • Excellent analytical, documentation, and report-writing capabilities.
  • Ability to work cross-functionally and communicate with both technical and non-technical stakeholders.
  • Strong organizational skills and attention to detail.
  • Familiarity with security concepts (identity management, access controls, network security, etc.).

Attendance and Punctuality:

Regular attendance and punctuality are vital attributes for all employees and critical for our staff as we are the role models for our organization and future leaders. It is important for employees to attend work regularly and to arrive at work on time because failure to do so detrimentally affects employee morale and productivity throughout North End Teleservices LLC.

DEI Competencies:

Diversity, equity, and inclusion as a leadership competency is a measure of success within NET.

Cultural competence:

  • Understand multiple frameworks, values, and norms.
  • Demonstrates an ability to flex style when faced with myriad dimensions of culture to be effective across cultural contexts.
  • Negotiation: Negotiates and facilitates cultural differences, conflicts, tensions, or misunderstandings.
  • Judgement: Can discern when to inquire, advocate, drive, or resolve more decisively.
  • Continuous learning: Commits to continuous learning / improvement in diversity, inclusion, and cultural competence.
  • Corporate communications: Acknowledge and address possible unfavorable impact.
  • Corporate Social Responsibility: Influences media and marketplace via communication and community outreach to competitively position the organization.
  • Brand Management: Identifies partners and leverages relationships with key external diverse suppliers, organizations, and customers to: enhance the supply chain; increase market share, revenues, and loyalty.
  • External Market Knowledge: Understands and is current on global and local trends/changes and how they inform and influence D&I.
  • Supplier Diversity: Identifies partners and leverages relationships with key external diverse suppliers, organizations, and customers to: enhance the supply chain; increase market share, revenues, and loyalty.


North End Teleservices is an equal opportunity employer and is committed to diversity in its workforce. North End Teleservices recruits qualified applicants without regard to characteristics such as race, color, national origin, religion, gender, gender identity, sexual orientation, disability, veteran status, age, marital status, citizenship status, or any other status protected by law.


Required Experience:

IC

Key Skills

  • IT Experience
  • SAP Materials Management
  • SAP SuccessFactors
  • Agile
  • Business Analysis
  • SAP
  • Requirements Gathering
  • SAP Finance & Controlling
  • SAP Supply Chain Management
  • SAP S/4HANA
  • SDLC
  • Oracle

About Company

North End Teleservices provides omni-channel contact center services where every interaction is a unique one-to-one opportunity to exceed customer expectations. We’re passionate about people, providing pathways for the success of everyone we serve — our employees, clients and the enti ...