What are the responsibilities and job description for the GRC Analyst position at Vista Applied Solutions Group Inc?
Job Details:
We are looking for an Information Security Governance, Risk, and Compliance Analyst to join our IT Team to improve infrastructure in our Detroit office. The candidate must have a bachelor's degree in Computer Science with a focus on Cybersecurity or a closely related field and 3-5 years of experience. The role calls for operating knowledge of Azure, O365, CrowdStrike, KnowBe4, Mimecast, ZenGRC, and Archer. The candidate should also have strong leadership and project management skills, with the ability to manage multiple priorities and deliver results within deadlines. The candidate must also be self-motivated, work well with others, and have excellent writing, organizational, and communication skills. A flexible hybrid-remote work schedule is available after 30 days of employment.
Typical responsibilities include:
- Monitor and track regulatory changes, ensuring that the organization remains compliant with all relevant laws, standards, and industry regulations.
- Conduct comprehensive risk assessments to identify potential threats and vulnerabilities within the organization’s operations.
- Assist in the development, implementation, and revision of corporate policies and procedures to align with best practices and compliance requirements.
- Collaborate with internal and external audit teams, providing documentation and evidence as needed to demonstrate compliance and adherence to governance standards.
- Assist in the development and maintenance of incident response plans to effectively address and mitigate security incidents or compliance violations.
- Prepare and distribute regular reports to IT & IT Security leadership as well as business leadership summarizing risk assessments, compliance status, and recommendations for improvement.
- Assist IT Security operations in the development and delivery of training programs to educate users on governance, risk, and compliance matters, fostering a culture of awareness and accountability.
- Identify opportunities for enhancing governance processes and recommend improvements to reduce risk exposure and enhance operational efficiency.
- Maintain a safe working environment.
Education:
- Bachelor's degree in Computer Science with a focus on Cybersecurity or a closely related field is required.
- Certifications in ISC2 CGRC (formerly CAP) or ISACA CISA are required.
- Certifications in ISC2 CISSP and ISACA CRISC are preferred but not required.
Skills/Experience:
- Minimum of 3 years of related experience
- Strong leadership and project management skills, with the ability to manage multiple priorities and deliver results within deadlines, are required
- Strong operating knowledge of platforms such as Azure, O365, CrowdStrike, KnowBe4, Mimecast, ZenGRC, and Archer
- Excellent communication and interpersonal skills, with the ability to communicate complex security concepts to both technical and non-technical audiences, are required
- Excellent organizational skills in order to accommodate multiple tasks simultaneously
- Excellent understanding of technology infrastructure and systems, including networks, databases, and cloud computing is required
- Maintain a professional demeanor at all times and be conscious of confidentiality issues when dealing with individuals at all levels
- Must be easily understood by other employees, clients, and vendors
- Strong analytical and problem-solving skills, with the ability to assess risks and develop practical solutions
- Professional certifications in information security, such as ISC2 CISSP, ISACA CRISC, ISACA CISA, and ISC2 CGRC (formerly CAP) are highly desirable.