Security Analyst II (GRC)

Duluth, GA 30096

Posted: 03/27/2018 Employment Type: Contract Industry: Security Engineer Job Number: 49178

This role supports our Client’s IT Governance, Risk & Compliance (GRC) program, which includes risk management, compliance management, assessments, and security awareness. The position is specifically responsible for preparing and analyzing business requests, monitoring in-scope systems, compliance operations, troubleshooting problems, identifying issues, creating risk mitigation/treatment plans, and advising users of fixes. The analyst partners with business users, acting as an advisor and subject matter expert on control descriptions, operations, and enhancement of their designated controls framework; ensures the user community is properly trained on controls execution; and follows up periodically with Internal Audit. Under general direction, the analyst ensures our IT Security Control Framework complies with SOX and industry standard operating procedures, and collaborates with internal teams, IT management, Internal Audit, and other stakeholders to ensure the IT compliance program and associated deliverables are met.

  • Serving as a key resource in managing risks & controls
  • Maintaining all required documentation
  • Working with IT users to complete Security & Privacy Assessments for projects
  • Working with end users to design and implement new business processes for controls related to the functional area supported
  • Creating or modifying documentation and workflows
  • Maintaining the security exception and findings management processes
  • Maintaining security program metrics and reporting
  • Assisting with both internal and external compliance audits
  • Assisting with Change Management and Project Management Policies, Guidelines and Procedures
  • Assisting with the Training & Awareness Program
  • Other duties as assigned

  • Bachelor’s degree (e.g., Information Security, Information Protection, Computer Information Systems, Computer Science, Computer Engineering, Information Systems Management) or equivalent educational or professional experience and/or qualifications
  • 5+ years of experience in Sarbanes-Oxley (SOX 404 Compliance)/COBIT/COSO compliance, IT security, and IT audit/risk management
  • Industry certification preferred (e.g., CISA, CRISC)
  • Familiarity and working knowledge of US and EU privacy laws, data protection/security regulations, and frameworks, such as NIST, COBIT, PCI DSS and ISO27001/2
  • Working knowledge of GRC tool(s)
  • Working knowledge of classic compliance techniques
  • Working knowledge of Support Desk/Incident Management systems
  • Knowledge of SIEM tools, Incident Response and Forensics
  • Experience with SharePoint and ServiceNow
  • Strong communication, interpersonal skills, and the ability to establish strong working relationships at all levels
  • Demonstrates a high level of flexibility