Purpose of the Position:

The Sr. Governance, Risk, and Compliance (GRC) Analyst will be responsible for overseeing IT security functions and maintaining systems, providing technical guidance to the team. They will lead day-to-day cyber compliance, data governance, and cyber risk management activities, assessing and documenting the company's compliance and risk posture related to information assets.

Key Responsibilities:

Functional:

• Develop and maintain the company's governance, risk, and compliance program.
• Assess and document the company's compliance and risk posture regarding information assets.
• Develop policies, procedures, standards, guidelines, and controls to ensure compliance with applicable laws, regulations, and industry best practices.
• Work with internal stakeholders to ensure effective implementation of policies, procedures, standards, guidelines, and controls.
• Collaborate with external auditors to ensure compliance with applicable laws, regulations, and industry best practices.
• Lead pen testing and remediation activities.
• Manage vendor risk.
• Provide guidance on audit responses.
• Assess computer hardware, software, and systems for security risks or violations.

Support Institutional Initiatives:

• Stay updated with institutional goals, objectives, and progress.
• Participate in institutional sponsored activities and initiatives.
• Support change initiatives within the organization.

Compliance:

• Adhere to all federal and state compliance requirements and regulations.
• Communicate compliance requirements effectively and escalate concerns promptly.

Work Experience, Skills & Abilities:

Minimum Requirements:

• Bachelor's degree in computer science or related field.
• 7 years of experience in Information Security.
• Experience with application pen testing, tracking, and reporting.
• Experience developing governance, risk, and compliance programs.
• Ability to influence and assist in developing processes, policies, controls, and metrics for compliance.
• Strong knowledge of information security principles, best practices, and frameworks.
• Excellent problem-solving skills.
• Experience with Secure SDLC programs and secure code practices.
• Experience with Security Awareness Training programs and vulnerability management.

Preferred Requirements:

• Industry certifications preferred: CISSP, CISA, CISM.
• Proficiency in MS Office and other business tools.
• Ability to support a diverse and inclusive work environment.