Information Security Governance Risk Compliance Analyst

Information Security Governance Risk Compliance Analyst

Direct hire

Position Description:

We are looking for an Information Security Governance Risk Compliance Analyst to join our IT Team to improve infrastructure in our Detroit office. The candidate must have a bachelor's degree in Computer Science with a focus on Cybersecurity or a closely related field and 3-5 years of experience. Operation knowledge of Azure, O365, CrowdStrike, KnowBe4, Mimecast, ZenGRC , and Archer. Candidate should also have strong leadership and project management skills, with the ability to manage multiple priorities and deliver results within deadlines. The candidate must also be self-motivated, work well with others, and have excellent writing, organizational, and communication skills. A flexible hybrid-remote work schedule is available after 30 days of employment.

Typical responsibilities include:

Responsible for monitoring and tracking regulatory changes, ensuring that the organization remains compliant with all relevant laws, standards and industry regulations.

Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization s operations.

Assist in the development, implementation, and revision of corporate policies and procedures to align with the best practices and compliance requirements.

Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to governance standards.

Assist in the development and maintenance of incident response plans to effectively address and mitigate security incidents or compliance violations.

Prepare and distribute regular reports to IT & IT Security leadership as well as business leadership summarizing risk assessments, compliance status, and recommendations for improvement.

Assist IT Security operations in the development and delivery of training programs to educate users on governance, risk, and compliance matters, fostering a culture of awareness and accountability.

Identify opportunities for enhancing governance processes and recommend improvements to reduce risk exposure and enhance operational efficiency.

Maintain a safe working environment.

Education:

Bachelor's degree in Computer Science with a focus on Cybersecurity or a closely related field is required.

Certifications in ISC2 CGRC (formerly CAP) or ISACA CISA are required.

Certifications in ISC2 CISSP, and ISACA CRISC are not required, but preferred.

Skills/Expereince:

Minimum of 3 years of related experience

Strong leadership and project management skills, with the ability to manage multiple priorities and deliver results within deadlines is required

Strong operating knowledge of platforms such as Azure, O365, CrowdStrike, KnowBe4, Mimecast, ZenGRC , and Archer

Excellent communication and interpersonal skills, with the ability to communicate complex security concepts to both technical and non-technical audiences is required

Excellent organizational skills in order to accommodate multiple tasks simultaneously

Excellent understanding of technology infrastructure and systems, including networks, databases, and cloud computing is required

Maintain a professional demeanor at all times and be conscious of confidentiality issues when dealing with individuals at all levels

Must be easily understood by other employees, clients, and vendors

Strong analytical and problem-solving skills, with the ability to assess risks and develop practical solutions

Professional certifications in information security, such as ISC2 CISSP, ISACA CRISC, ISACA CISA, and ISC2 CGRC (formerly CAP) are highly desirable