14 days
<p>As a GRC Analyst I, you will partner with internal and external teams to understand, interpret and analyze Governance, Risk, and Compliance domains to enable our business partners to understand, adopt and mature new policies, standards and procedures. Collaborating with our business partners, you will maintain the Risk Management Framework (RMF) and methodology by periodically reviewing the risk framework relative to emerging trends and threats, changes in the organizational landscape and risk management best practices, and adjusting the framework and methodology as necessary.</p> <p>The Gig:</p> <ul> <li>Implement a security program using industry standard frameworks that align to regulatory requirements and business objectives. </li><li>Perform risk analysis for systems, processes, third-party tools/applications, and configurations. </li><li>Improve security posture through process, policy, automation, and the continuous advancement of capabilities. </li><li>Document business ownership and responsibilities of the controls using the company's GRC tool. </li><li>Schedule and perform regular assessments (internal and external) to test effectiveness of controls. </li><li>Investigate (internal and external) information security risk and exceptions assessments. </li><li>Develop and monitor a security incident management program to ensure effectiveness. </li><li>Assess incidents, vulnerability scans, patching status, secure baselines, and penetration test results. </li><li>Document and report control failures and gaps to stakeholders. Provide remediation guidance and prepare management reports to track remediation activities. </li><li>Remain current on best practices and technological advancements and act as the technical resource for security assessment and regulatory compliance. </li></ul> <p>What You Need to Make the Cut:</p> <ul> <li>Bachelor's degree or equivalent work experience (Information Technology, Engineering, Cybersecurity, or a related technical field). 
</li><li>CISM, CISA or CRISC certification(s) or equivalent preferred. </li><li>Public cloud technical certifications preferred. </li><li>ITIL foundations certification preferred. </li><li>Experience testing or auditing technical controls. </li><li>Creative problem solver with a desire to learn. </li><li>Strong oral and written communication skills. </li><li>Experience working in an Agile environment preferred. </li></ul> <p>The pay range for this position is 42K to 67K per year (pay to be determined by the applicant's education, experience, knowledge, skills, and abilities, as well as internal equity and alignment with market data).</p> <p>This role is eligible to participate in the annual bonus incentive plan.</p>
POST A JOB
It's completely FREE to post your jobs on ZiNG! There's no catch, no credit card needed, and no limits to number of job posts.
The first step is to SIGN UP so that you can manage all your job postings under your profile.
If you already have an account, you can LOGIN to post a job or manage your other postings.
Thank you for helping us get Americans back to work!