This Job Vacancy has Expired!

Principal Information Security Governance and Compliance Analyst

Posted on Apr 21, 2022 by Request Technology

Dallas, TX 75201
IT
Immediate Start
$120k - $130k Annual
Full-Time

*We are unable to sponsor as this is a permanent full time role*

A prestigious company is on the search for a Principal Information Security Governance and Compliance Analyst. This position will focus on Information security GRC. Working with frameworks such as NIST, ISO, etc.

Responsibilities

  • Act as an information security governance and compliance subject matter expert
  • Develop, publish, and maintain information security policies, standards, and control procedures
  • Maintain the policy life cycle management function, ensuring information technology and security policies are reviewed and updated on a regular basis
  • Work closely with the Information Security Risk Management team to design, document, and test controls aligned to mitigate IT risks within the IT organization
  • Maintain the control inventory and control mappings to security compliance frameworks such as NIST CSF/800-53, ISO 27001/2, etc.
  • Conduct regular risk-based compliance testing of information security controls, reporting exceptions and monitoring remediation efforts
  • Develop metrics and KPIs (Key Performance Indicators) for the information security program and prepares executive reports
  • Conduct the annual NIST Cyber Security Framework (CSF) self-assessment and presents findings and accomplishments
  • Participate heavily in the development, growth, and maturity of the governance and compliance management program within the ServiceNow GRC (governance, risk, and compliance) solution
  • Stay updated with compliance, regulatory, and industry best practices applicable to Company
  • Participate in various stages of the project management life cycle to ensure successful implementation of security controls
  • Develop and executes effective presentations at all levels within the organization
  • Act as a consultant to the information security and information technology departments, providing guidance and helping to mature the overall security posture of the organization

Qualifications

  • Eight or more years of work experience in information security, IT auditing, risk management, and/or compliance management
  • Bachelor's degree in computer science, information security, information technology, or related field of study; or equivalent professional work experience
  • Professional governance, risk, or compliance certification such as CISA, CRISC, CGEIT, etc.
  • Demonstrable expert-level experience in writing, editing, and revising policies, control procedures, and other governance documents (Ability to provide samples a plus)
  • Expert-level experience in executing compliance control testing programs and processes
  • Experience implementing a variety of information security frameworks & controls across a large organization
  • Strong working experience with the NIST Cybersecurity Framework, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, or CIS Benchmark
  • Knowledge of risk management processes, techniques, and tools
  • Familiarity with network technologies and protocols (Switches, Routers, Firewalls, VPNs, remote connection technologies, and multiple domain environments)
  • Knowledge of hybrid IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)
  • Professional information security certification such as CISSP, CISM, ISO Lead Auditor, etc.
  • Experience implementing GRC/IRM tools (experience with ServiceNow GRC/IRM a plus)
  • Knowledge of Scripting languages (such as python, PowerShell, etc.)

Reference: 1571870873

Set up alerts to get notified of new vacancies.