Senior GRC Analyst

Role: Senior GRC Analyst

Employment Type: Full-Time

Location: Deerfield, FL 33442 (Hybrid 3 Days Onsite and 2 Days Remote)

Work Model: Hybrid

Duration: Permanent

Must haves:

• IT Audit experience - someone coming from an IT auditor background would be great
• Bachelors degree

Responsibilities:

• Conduct Third-Party Risk assessments and manage Infosec Third-Party Risk Management (TPRM) program.
• Communicates risk assessment findings to information security "customers, or business partners.
• Provides consultative advice to information security customers that enables them to make informed risk management decisions.
• Maintain risk management initiatives in GRC/TPRM platform(s).
• In-depth knowledge of information security management system standards (e. g. SOC 2), frameworks, information technology regulatory and compliance requirements (e. g., PCI-DSS, GDPR, CCPA, HIPAA,), and industry best practices, particularly around TPRM.
• Performs focused risks assessments of existing or new services and technologies.
• Identifies and implements appropriate controls to effectively manage information risks as needed.
• Identifies opportunities to improve risk posture, developing solutions for remediating or mitigating risks and assessing the residual risk.
• Maintains strong working relationships with individuals and groups involved in managing information risks across the organization.
• Work closely with Information Security Architecture, Engineering, and relevant operational teams to gather data and insights leading to holistic risk security awareness.
• Conduct periodic internal assessments for security risk.
• Conduct ongoing research to keep current of latest security issues, threats, and technical capabilities.
• Perform other essential duties as assigned.

Desired Skills:

• Working knowledge of Third-Party Risk Management (TPRM) program tools, such as ProcessUnity/Prevalent.
• An ability to identify and assesses the severity and potential impact of risks and communicate risk assessment findings to risk owners outside Information Security in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
• Knowledge of security and privacy frameworks (e.g., NIST CSF, 800-53, CIS CSC, COBIT, CCPA, HIPAA, ISO 27001/2).
• Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
• An understanding of business needs and commitment to delivering high-quality, prompt, and efficient service to the business.

Qualifications/Requirements:

• 8 years of experience within large scale information security risk management programs.
• 8 years of Information Technology and/or Information Security experience.
• Strong grasp of key elements for a successful Risk Management Program and related frameworks or standards (e. g. NIST, ISO, COBIT), particularly as it relates to running a Third-Party Risk Management (TPRM) program.
• Demonstrated knowledge of a broad range of technical concepts: logical access control, agile development process/DevSecOps, secure coding principles, security architecture frameworks and methods, information security, network security, and privacy.
• Experience with interpreting results of scanning and compliance tools such as Qualys/Nessus/Rapid7/Laceworks as it pertains to documenting information security risk(s).
• Strong organizational skills with ability to thrive in a sense-of-urgency environment, leveraging best practices, and approaching any problem as a team-player with a can-do attitude.
• Excellent written and verbal communication skills and ability to interface with all levels of business and executive leadership.
• Excellent analytical, problem solving, and decision-making skills, applied with a solution-focused attitude.
• Strong self-directed work habits, exhibiting initiative, drive, creativity, maturity, self-assurance and professionalism.
• Demonstrated ability to troubleshoot complex problems and recommend appropriate actions.

Dexian stands at the forefront of Talent Technology solutions with a presence spanning more than 70 locations worldwide and a team exceeding 10,000 professionals. As one of the largest technology and professional staffing companies and one of the largest minority-owned staffing companies in the United States, Dexian combines over 30 years of industry expertise with cutting-edge technologies to deliver comprehensive global services and support.  
 
Dexian connects the right talent and the right technology with the right organizations to deliver trajectory-changing results that help everyone achieve their ambitions and goals. To learn more, please visit https://dexian.com/.

Dexian is an Equal Opportunity Employer that recruits and hires qualified candidates without regard to race, religion, sex, sexual orientation, gender identity, age, national origin, ancestry, citizenship, disability, or veteran status.