Senior GRC InfoSec Analyst

Senior GRC InfoSec Analyst

Direct Hire (No C2C or third-party submissions)

Location: Plano 75093

Schedule: 2 days onsite weekly

Interview Process: 1st round is onsite; 2nd round virtual

Summary

Responsible for driving the development, implementation, communication, and maintenance of technology policies, standards, and procedures that align with industry standards and regulatory requirements. Ensures technology processes adhere to regulatory requirements, effectively manage risks, and establish strong governance practices. Develops and implements controls, monitors compliance, and supports risk management activities.

Requirements:

• Bachelor’s Degree in Information Security, Computer Science, Information Technology, or a related field preferred.
• Minimum of six (6) years’ experience working in Cybersecurity GRC, policy development, risk management, or a similar field.
• Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust).
• Proficiency in using data analysis and reporting tools (e.g., Excel, Power BI).
• Relevant certifications such as CISM and/or CISA are highly desirable.

Other must haves:

• Experience managing policy governance function such as leading policy updates, installing new policy, aligning regulatory & best practices
• Technical Process – needs expertise around understanding of alignment & frameworks and will be working with Product Owner
• Regulatory Frameworks

Preferred:

• Financial services or banking background
• ServiceNow IRM (Integrated Risk Management) experience

Duties:

• Lead the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines.
• Continuously evaluate and update cybersecurity and IT policies to ensure they remain current and effective.
• Ensure policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS).
• Collaborate with cross-functional teams—including IT, legal, compliance, and other departments—to ensure cybersecurity policies align with business objectives.
• Translate complex information and documentation into clear, user-friendly concepts.
• Provide specialized expertise and consultation to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommend prioritized, actionable solutions to mitigate risks and enhance overall security posture.
• Stay informed about the latest cybersecurity threats, trends, and best practices. Maintain accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses.
• Benchmark organizational policies against industry standards and best practices.
• Develop and implement governance frameworks for cybersecurity policy management.
• Monitor key performance indicators, conduct gap analyses and risk assessments, and implement frameworks as needed. Test and monitor the effectiveness of controls.
• Establish feedback loops and analyze metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats.
• Lead and support internal and external audits and assessments of cybersecurity policies and practices. Ensure identified audit and assessment findings are tracked to closure.
• Maintain comprehensive documentation of all cybersecurity policies, procedures, and related activities. Communicate policy requirements and updates to all relevant stakeholders.
• Identify opportunities for innovation and improvement in cybersecurity policy and practice. Propose suitable mitigation strategies and verify the effectiveness of remediation plans.