IT Security Associate (GRC)
Share
Job Location:
Charlotte, VT - USA
Monthly Salary:
Not Disclosed
Posted on:
6 hours ago
Vacancies:
1 Vacancy
Job Summary
Job Title: IT Security Associate (GRC)
Location: Charlotte NC 28202 (Hybrid)
Duration: 06 - 12 Months
Pay Rate: $50.00 - $56.00/- on W2
Kindly help me out with your most updated resume
Summary:
Seeking a 1st Line of Defense GRC Specialist at the Associate level who has a strong passion for Information Security risk management and is interested in building a career at a fast-growing reputable bank.
As an Associate within GRC you will play a vital role in protecting information assets by conducting comprehensive risk assessments collaborating with stakeholders and driving process improvements.
As an Associate within GRC you will play a vital role in protecting information assets by conducting comprehensive risk assessments collaborating with stakeholders and driving process improvements.
Reporting to the Head of Security Risk Assessments you will help shape the banks security risk management practices and ensure compliance with internal and external standards.
Perform information security risk assessments for new and existing SaaS and cloud-based solutions client initiatives and regulatory-driven requests.
Review and assess third party security postures by analyzing SOC 1 and SOC 2 reports ISO 27001 certifications penetration test summaries SIG responses and security questionnaires.
Evaluate SaaS architectures data flows and hosting models with particular attention to data protection encryption identity and access management logging and monitoring.
Identify control gaps assess both inherent and residual risk and partner with stakeholders to define practical mitigation strategies or compensating controls.
Translate technical and operational risks into clear business focused language that resonates with both technical and non technical audiences.
Collaborate regularly with IT business risk and compliance teams to support timely well informed decision making.
Support remediation efforts by tracking open issues validating responses and documenting outcomes through established governance processes.
Stay current with information security policies standards and procedures and help stakeholders understand how changes may impact risk assessments.
Contribute to the ongoing improvement of risk assessment processes templates and tooling.
Required Experience and Skills
2 3 years of experience in banking financial services or another highly regulated environment.
Hands-on familiarity with cloud service providers such as AWS Azure or GCP and an understanding of how SaaS applications are built on cloud infrastructure.
A solid foundation in information security principles risk assessment concepts and control-based evaluations.
Working knowledge of common security and regulatory frameworks including NIST NYDFS Cybersecurity Regulation GLBA ISO 27001 NIST CSF and data privacy regulations such as CCPA/CPRA.
Basic understanding of enterprise systems operating systems databases identity and access concepts.
Strong written and verbal communication skills with the ability to explain security risk clearly and concisely.
Comfortable working independently while also collaborating effectively across technical and business teams.
Well-organized detail-oriented and able to manage multiple assessments and competing priorities.
A strong sense of ownership and follow-through.
Ability to track and maintain risk assessment data and metrics using tools such as Microsoft Excel Jira or similar platforms.
Preferred / Nice to Have
Experience supporting third party or vendor risk management programs.
Exposure to GRC platforms or security risk assessment tools.
Experience reviewing and interpreting SOC reports.
Current or in progress security certifications (e.g. CompTIA Security CompTIA Cloud AWS Azure GCP CCSP CRISC).
Review and assess third party security postures by analyzing SOC 1 and SOC 2 reports ISO 27001 certifications penetration test summaries SIG responses and security questionnaires.
Evaluate SaaS architectures data flows and hosting models with particular attention to data protection encryption identity and access management logging and monitoring.
Identify control gaps assess both inherent and residual risk and partner with stakeholders to define practical mitigation strategies or compensating controls.
Translate technical and operational risks into clear business focused language that resonates with both technical and non technical audiences.
Collaborate regularly with IT business risk and compliance teams to support timely well informed decision making.
Support remediation efforts by tracking open issues validating responses and documenting outcomes through established governance processes.
Stay current with information security policies standards and procedures and help stakeholders understand how changes may impact risk assessments.
Contribute to the ongoing improvement of risk assessment processes templates and tooling.
Required Experience and Skills
2 3 years of experience in banking financial services or another highly regulated environment.
Hands-on familiarity with cloud service providers such as AWS Azure or GCP and an understanding of how SaaS applications are built on cloud infrastructure.
A solid foundation in information security principles risk assessment concepts and control-based evaluations.
Working knowledge of common security and regulatory frameworks including NIST NYDFS Cybersecurity Regulation GLBA ISO 27001 NIST CSF and data privacy regulations such as CCPA/CPRA.
Basic understanding of enterprise systems operating systems databases identity and access concepts.
Strong written and verbal communication skills with the ability to explain security risk clearly and concisely.
Comfortable working independently while also collaborating effectively across technical and business teams.
Well-organized detail-oriented and able to manage multiple assessments and competing priorities.
A strong sense of ownership and follow-through.
Ability to track and maintain risk assessment data and metrics using tools such as Microsoft Excel Jira or similar platforms.
Preferred / Nice to Have
Experience supporting third party or vendor risk management programs.
Exposure to GRC platforms or security risk assessment tools.
Experience reviewing and interpreting SOC reports.
Current or in progress security certifications (e.g. CompTIA Security CompTIA Cloud AWS Azure GCP CCSP CRISC).
Key Skills
- Bidding
- Economics
- Analysis
- Fact
- Fiber
- ITI
