We are seeking a detail-oriented and technically proficient Principal GRC Analyst to join our Information Security team, with a focus on validating and testing security controls across the enterprise. This role will serve as the most senior member of a small team focused on validating the effectiveness of information security controls. It is ideal for professionals with 8 or more years of experience in GRC, IT audit, or cybersecurity operations who have supervised IT control testing teams and are passionate about driving continuous improvement.
- Plan, lead, and execute control validation and testing activities across various domains (e.g., access management, vulnerability management, incident response, data protection).
- Mentor junior analysts, providing guidance on control validation methodologies and best practices while fostering a culture of accountability
- Provide subject matter expertise regarding information security control validation and compliance frameworks to the CDT organization and its business partners
- Document control issues and collaborate with stakeholders to develop remediation recommendations
- Develop and enhance control testing methodologies, procedures, and reporting mechanisms
- Prepare risk reports and dashboards for management and governance committees.
- Influence the evolution of the GRC program through maturing tools, automation, processes, and metrics.

- Experienced and Passionate: You are a seasoned security professional with a passion for governance, risk, and compliance
- Methodical and Pragmatic: You approach control testing with precision and can identify pragmatic solutions for addressing risks
- Self-Motivated and Curious: You are driven to understand the "why"; you thoughtfully investigate complex issues and ask probing questions
- Leadership-Oriented: You demonstrate initiative and are experienced in mentoring and developing others
- Relationship Driven: You build rapport and support your team and colleagues across functions
- Influential Communicator: Whether in writing or verbally, you can effectively explain technical concepts and risks to colleagues and management without excessive jargon.

- Bachelor's degree in a technical field such as cybersecurity or business information systems
- Security certifications such as CISSP, CISA, CRISC, Sec, or CC preferred.
- Minimum 8 years' experience in GRC, IT audit, or information security within a mid-size to large corporate environment
- Proven expertise in cybersecurity frameworks such as NIST CSF or ISO 27001
- Hands-on experience in leading IT audits, risk assessments, or compliance programs