Principal Information Security Governance and Compliance Analyst
Posted on May 25, 2022 by Request Technology
*We are unable to sponsor as this is a permanent full time role*
A prestigious company is on the search for a Principal Information Security Governance and Compliance Analyst. This position will focus on information security GRC (governance, risk, and compliance), working with frameworks such as NIST, ISO, etc.
- Act as an information security governance and compliance subject matter expert
- Develop, publish, and maintain information security policies, standards, and control procedures
- Maintain the policy life cycle management function, ensuring information technology and security policies are reviewed and updated on a regular basis
- Work closely with the Information Security Risk Management team to design, document, and test controls aligned to mitigate IT risks within the IT organization
- Maintain the control inventory and control mappings to security compliance frameworks such as NIST CSF/800-53, ISO 27001/2, etc.
- Conduct regular risk-based compliance testing of information security controls, reporting exceptions and monitoring remediation efforts
- Develop metrics and KPIs (Key Performance Indicators) for the information security program and prepare executive reports
- Conduct the annual NIST Cybersecurity Framework (CSF) self-assessment and present findings and accomplishments
- Participate heavily in the development, growth, and maturity of the governance and compliance management program within the ServiceNow GRC (governance, risk, and compliance) solution
- Stay updated with compliance, regulatory, and industry best practices applicable to Company
- Participate in various stages of the project management life cycle to ensure successful implementation of security controls
- Develop and execute effective presentations at all levels within the organization
- Act as a consultant to the information security and information technology departments, providing guidance and helping to mature the overall security posture of the organization
- Eight or more years of work experience in information security, IT auditing, risk management, and/or compliance management
- Bachelor's degree in computer science, information security, information technology, or related field of study; or equivalent professional work experience
- Professional governance, risk, or compliance certification such as CISA, CRISC, CGEIT, etc.
- Demonstrable expert-level experience in writing, editing, and revising policies, control procedures, and other governance documents (Ability to provide samples a plus)
- Expert-level experience in executing compliance control testing programs and processes
- Experience implementing a variety of information security frameworks & controls across a large organization
- Strong working experience with the NIST Cybersecurity Framework, ISO 27001 & 27002, Cloud Security Alliance (CSA), OWASP, or CIS Benchmark
- Knowledge of risk management processes, techniques, and tools
- Familiarity with network technologies and protocols (Switches, Routers, Firewalls, VPNs, remote connection technologies, and multiple domain environments)
- Knowledge of hybrid IT systems, network security, application security, identity & access management, vulnerability management, endpoint security, and cloud environments (AWS, Azure, Salesforce, etc.)
- Professional information security certification such as CISSP, CISM, ISO Lead Auditor, etc.
- Experience implementing GRC/IRM tools (experience with ServiceNow GRC/IRM a plus)
- Knowledge of scripting languages (such as Python, PowerShell, etc.)