Senior Cyber Security Analyst Governance, Risk and Compliance (GRC)
The candidate will perform cyber security risk, governance and compliance management and oversight.
- A four (4) year degree in Information Systems, Computer Science or Cyber Security.
- Staff must have a minimum of five (5) years of current experience in:
(i) Risk Management
(ii) Governance and Compliance
(iii) Information Security
(iv) National Institute of Standards and Technology (NIST) Special Publication 800 series
SKILLS, KNOWLEDGE AND ABILITIES
- The Senior Cyber Security Analyst (GRC) must have experience conducting/implementing/managing information systems audits.
- Must possess strong written and verbal communication skills.
- Proficiency with all Microsoft (MS) Office programs is necessary, including familiarity with SharePoint.
- Conducting and/or coordinating information security risk assessments for technology and security frameworks.
- Facilitating multiple stakeholders to agree on appropriate security solutions and verifying that security risks are mitigated appropriately.
- Verifying that required security controls are built into new products.
- Performing deep dives on information security-related processes and systems.
- Identifying system limitations that could lead to regulatory risks in new products and services and providing guidance for resolution and risk mitigation.
- Staying abreast of innovative business and technology trends in Information Security, risk, and controls and advising leadership on technology initiatives.
- Carrying out risk assessments and gap analysis of multi-networks and cloud environments using compliance standards and frameworks such as PCI, Diplomatic Security Service (DSS), Criminal Justice Information Services (CJIS) and NIST.
- Creating, managing, and enforcing compliance requirements for business processes and information systems and assisting in the development of an Authority-wide cybersecurity compliance program.
- Designing and/or implementing Information Security solutions in an enterprise environment.
- Leading initiatives for re-architecting and reengineering of security controls to enhance the security posture of the Authority.
- Strong knowledge of Vulnerability Management Remediation and Payment Card Industry (PCI) Compliance.
(i) Certified Information Systems Security Professional (CISSP)
(iii) Certified Information Systems Auditor (CISA) or Certified Information Security Manager (CISM)
Start Time: Spring 2021