Governance, Risk & Compliance (GRC) Analyst – RSA Archer | Remote (EST Time Zone)

We are seeking a talented and passionate Security Contracts/Regulations and Third Party Security Specialist – GIS Governance, Risk & Compliance Consultant.

Overall 7 years of industry experience in security contract negotiations, security regulations research/analysis, and third-party security assessments for large global financial organizations and their Cybersecurity teams

• .Deep experience in applying knowledge of Cybersecurity policies, Cybersecurity standards, Cybersecurity controls, Cybersecurity programs and frameworks to third party security contract negotiations and international cybersecurity regulations
• .Experience with NIST CSF, ISO 27001, NIST 800.30, FFIEC, and SEC Regulation S-P industry standards, frameworks, and regulations for Information Security
• .Subject Matter Expertise in using the Standard Information Gathering Questionnaire (SIG) to conduct third party security assessments
• .Experience with evaluating SOC reports, ISO 27001 certifications, and other internationally recognized independent attestations for evaluating third party security controls
• .Proven expertise in related security domains (e.g., security risk assessments, audits, controls definition/testing, etc.)
• .Comfortable collaborating with Business and Cybersecurity leadership on security contract risks, third-party security assessment risks, and negotiating their resolution
• .Experience in IT Governance, Compliance, and Risk management processes and tools (MetricStream, RSA Archer, OneTrust or similar eGRC platforms)
• .Bachelor’s degree in Computer Science, Computer Information Systems, or an equivalent combination of education, certifications, and experience
• .Proficient use of Microsoft Outlook, Microsoft Teams, Microsoft SharePoint, and Microsoft Office 365
• .Preferred professional qualifications with certifications (CISSP, CISA, CISM, CRISC, etc.)