Senior GRC Analyst

What You'll Do

• Review the current documents to identify and prioritize the requirements for revisions.
• Create new security policies, standards, and responsibility models to clearly define the organization's security practices and responsibilities.
• Assess, deploy, and manage the GRC tool to streamline the GRC processes.
• Establish and oversee the policy and standards attestation process involving all stakeholders.
• Establish and oversee the process for policy and standards exceptions.
• Develop and oversee a Cybersecurity Awareness Training program.
• Facilitate document development and revision through meetings and workshops with SMEs, and secure consensus from their leadership.
• Develop questionnaires to evaluate the compliance of existing cybersecurity policies and standards and identify gaps in the organization’s Cybersecurity Risk Register.
• Oversee the management of cybersecurity controls and framework implementation, along with continuous maintenance.
• Develop and maintain an inventory of cybersecurity controls aligned with industry standards (e.g., NIST, SOC2, ISO 27001, CIS) and regulatory requirements (e.g., GDPR, CCPA, and SOX).

What You'll Need

• Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or a related field.  
• 5+ years of experience in information technology or information security, including over 3 years of experience authoring security policies, standards, and procedures. 
• A strong understanding of cybersecurity controls, risk mitigation strategies, and their application for data protection and privacy compliance. 
• Security and compliance certifications, such as CISSP, CISA, CISM, CGEIT, or CRISC, are preferred.
• Prior experience leading the evaluation, implementation, and administration of a GRC tool is highly preferred.


Technical Knowledge 
• The candidates MUST possess a solid working knowledge of: 
• Identity and access management and governance concepts and technologies, such as Microsoft Entra, Active Directory, PAM, etc. 
• Vulnerability management platforms such as Rapid7 and Wiz. 
• IT asset management, Configuration Management Databases (CMDB), and network asset discovery tools.  
• Control frameworks and objectives (e.g., NIST CSF, NIST RMF, PCI-DSS, SOX, SOC 2, GDPR, CCPA, etc.). 
• Operating systems, databases, and middleware components. 
• Performing compliance and risk assessments. 
• Management of IT and security projects.  
• Jira, Slack, and Office 365 tools (including Word, Excel, SharePoint, OneDrive, Teams, and PowerPoint). 


Work Environment Characteristics 
• Self-motivated and results-oriented, with the ability to prioritize conflicting tasks. 
• Exceptional organizational skills for balancing work and leading projects. 
• Strong verbal and written communication skills.  
• The candidate must build consensus, collaborate, and establish strong relationships with various internal and external stakeholders (business, development, security, auditors, legal, etc.). 
• Ability to adapt and apply information to new situations and technologies.
Business Wire will not sponsor a new applicant for employment authorization for this position.


What We Offer
The base salary range for this position is $155K to $165K/year.  Offered salary will be determined by several factors, including but not limited to: applicant’s education, experience, knowledge, skills and abilities, as well as internal equity and alignment with geographic market data.  Business Wire reserves the right to modify this salary range at any time.


• Business Wire’s total rewards include:
• Ability to work remotely
• Excellent health benefits that begin on your first day of employment
• $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
• 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
• PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!