- Professional
- Office in Phoenix
SUMMARY: The Information Security Analyst - GRC is a hybrid business and technical position within the Information Security Office requiring knowledge of information security controls and procedures, regulations, legal requirements and applicable compliance frameworks. This position is responsible for ensuring compliance, providing governance support for adhering to security and compliance standards and quantifying risk levels from aggregate security and compliance concerns.
ESSENTIAL DUTIES, RESPONSIBLITIES, AND EXPECTATIONS:
- Ensure compliance with applicable standards, such as SOX, PCI DSS, HIPAA, FERPA, CCPA, GDPR, etc. – leading the audit, evidence collection and reporting processes.
- Create and maintain internal policies, standards and security baselines, oriented toward compliance and regulatory standards – as well as, enforcement of secure practices.
- Manage risk acceptance and policy exception processes, ingesting risks and creating tracking, reporting and accountability mechanisms.
- Perform vendor and product risk assessments, to align vendors and products with applicable standards, policies and security baselines.
- Track inputs from penetration tests and vulnerability scans and create exceptions as needed and help facilitate remediation and/or risk reporting over time.
- Other duties as assigned.
SUPERVISORY RESPONSIBILITIES: None
QUALIFICATIONS: The requirements listed below are representative of the knowledge, skills, and/or abilities required to successfully perform the job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Education and Experience:
- Bachelors degree in Computer Science, Information Systems, Business or related field or equivalent work experience required.
- Requires 1-3 years of relevant IT or business experience.
- Professional certifications not required, however preference will be given to candidates with one or more relevant certifications such as CISSP, PCI DSS/QSA, CISA, CCPA, CISM, GIAC, GSEC, CEH, CNA/CCNP, CCSP, MCSE. Specific compliance or regulatory certifications are a huge plus.
Knowledge, Skills and Abilities:
- Previous experience in GRC, security or other technology roles – with solid foundation in documentation, meeting facilitation and risk reporting.
- Ability to find required answers to compliance / risk questions using existing security tools, typically starting from the SEIM.
- A strong curiosity, sense of focus and willingness to perform deep research and analysis to find and resolve issues that relate to audits / findings.
- Team player with demonstrated ability to work without guidance.
- Strong written and oral communication skills.
