About the Role: As a Governance, Risk, and Compliance (GRC) Security Analyst, you will play a critical role in safeguarding our organization's information assets by ensuring compliance with relevant regulations, standards, and best practices. You will be responsible for assessing risks, developing policies and procedures, and implementing controls to mitigate security threats and ensure adherence to compliance requirements. This role requires a strong understanding of information security principles, regulatory frameworks, and risk management practices. Responsibilities: Risk Assessment: Conduct comprehensive risk assessments to identify potential security vulnerabilities and threats to the organization's information assets.Compliance Management: Ensure compliance with relevant regulations such as GDPR, HIPAA, PCI-DSS, ISO 27001, and other industry-specific standards.Policy Development: Develop and maintain information security policies, procedures, and standards in alignment with regulatory requirements and industry best practices.Control Implementation: Implement and manage security controls to mitigate identified risks and vulnerabilities effectively.Security Awareness: Develop and deliver security awareness training programs to educate employees about security policies, procedures, and best practices.Incident Response: Collaborate with the incident response team to investigate security incidents, assess the impact, and implement remediation measures.Vendor Risk Management: Assess and manage security risks associated with third-party vendors and service providers.Security Audits and Assessments: Coordinate and participate in internal and external security audits, assessments, and compliance reviews.Documentation and Reporting: Maintain accurate documentation of security policies, procedures, risk assessments, and compliance activities. Generate regular reports for management and stakeholders.Continuous Improvement: Monitor emerging security threats and regulatory changes, and recommend enhancements to security controls and processes to improve the overall security posture of the organization. Requirements: Bachelor's degree in Computer Science, Information Security, or related field. Relevant certifications such as CISSP, CISA, CISM, or CRISC are preferred.Proven experience in information security, risk management, or compliance roles.Strong understanding of information security principles, standards, and best practices.Knowledge of relevant regulatory requirements and frameworks (e.g., GDPR, PCI-DSS, ISO 27001).Experience with risk assessment methodologies and tools.Excellent analytical and problem-solving skills.Effective communication and interpersonal skills, with the ability to collaborate cross-functionally.Ability to work independently and prioritize tasks in a dynamic environment.Attention to detail and a commitment to maintaining high standards of quality and compliance.Continuous learning mindset to keep abreast of the latest security trends, technologies, and regulatory changes.