We are hiring a Governance, Risk, and Compliance (GRC) Analyst to join our team in Columbia, MD. The role will report to the Deputy Chief Information Security Officer. This position is located at our corporate headquarters in Columbia, MD with a hybrid schedule Mondays, Wednesdays and Thursdays on campus and Tuesdays and Fridays remote.

The Governance, Risk, and Compliance (GRC) Analyst is accountable for assessing program alignment with the established cybersecurity standards and guidelines, as well as executing the cybersecurity risk management program at Grace. This position will collaborate closely with various stakeholders to create and support security communication, awareness, and training throughout the organization. Experience with security and compliance testing is preferred.

• Develop, maintain, and support security communication, awareness, and training for audiences throughout the organization.
• Assist with the implementation of a risk management program and framework for Grace
• Support process improvement through the development of policy, guidance, and process documents in alignment with overarching cybersecurity framework and standards
• Further refine control and audit mechanisms to monitor and maintain compliance with framework and standards.
• Perform due diligence with third party vendors to ensure compliance with organization requirements.
• Assist cybersecurity personnel, resource owners, and IT staff in understanding and responding to security assessment gaps reported by the team.
• Work as a liaison with vendors and the legal and purchasing departments to establish mutually acceptable contract language aligned with the cybersecurity protection addendum.
• Work with various stakeholders to identify information asset owners to classify data and systems
• Inform, advise, and issue recommendations regarding regulatory compliance with respect to data protection laws
• Provide Cybersecurity consultancy with the IT security project Managers and wider teams for security requirements and solutions.
• Prepare executive level reports and metrics
• Perform other related duties as required by your manager.

• Bachelor's degree in Information Technology or equivalent work experience
• 4 years in a control assessment, third party risk and/or cybersecurity role or supporting role
• Excellent verbal, written and interpersonal communication skills

• Any industry recognized Information Security accreditation including CISSP, CISM, CRISC is desirable
• Knowledge of security and compliance testing IT Infrastructure, and exposure to any IT GRC tool such as Service Now will be a plus.

• Medical, Dental, Vision Insurance
• Life Insurance and Disability
• Grace Wellness Program
• Flexible Workplace
• Retirement Plans
• 401(k) Company Match - Dollar to dollar up to the first 6%
• Paid Vacation and Holidays
• Parental Leave (salaried only)
• Tuition Reimbursement