Contract Information Security GRC Analyst

Job Description:

Overview:

We don't simply hire employees. We invest in them. When you work at Chatham, we empower you - offering professional development opportunities to help you grow in your career, no matter if you've been here for five months or 15 years. Chatham has worked hard to create a distinct work environment that values people, teamwork, integrity, and client service. You will have immediate opportunities to partner with talented subject matter experts, work on complex projects, and contribute to the value Chatham delivers every day.

This role sits within theInformation Security Governance, Risk and Compliance (GRC) team, which reports directly into the CISO organization. The GRC team serves as the central function responsible for managing the enterprise's security risk posture, ensuring regulatory compliance, andmaintainingthe policy and control framework that governs information security across Chatham. This team works cross-functionally, partnering closely withProduct and Technology teamsto embed security into development and infrastructure initiatives,Human Resourcesfor security awareness and personnel security matters,Operationsfor business process alignment, and allChatham business unitsto ensure security requirements support businessobjectives. The team alsomaintainscritical relationships withOperational Riskto align cybersecurity risk management with enterprise riskframeworks andserves as the primary liaison toexternal auditorsfor SOC 2, regulatory examinations, and other assurance activities.

In this role you will:

The Information Security GRC Analyst with a Risk and Policy focusis responsible forassistingin the execution ofthe organization's security risk management program and supporting policy governance. This roletakes the lead in conductingthesecurityrisk assessments forChatham systems,vendorsand business processes. This roleis responsible formaintainingthetechnology and cybersecurity risks on the operationalrisk register; tracking issues andrisk mitigation activities; andsupportspolicy development.This role is also responsible for translatingtechnical risks into business-relevant recommendations,recommendingrisk-based decisions,documenting decisions onrisk treatment, tracking risk mitigationaction plans to completionandreviewing systems/processes forpolicy compliance.

• Risk Assessment Execution: Conducttechnologyandsecurity risk assessments for internal systems, product and technologyprojects using established frameworks (NIST SP 800-30, ISO 27005, etc.)

• Technology and CybersecurityRisk Register Management: Maintainthe technologyrisk register(includes Cybersecurity)documenting threats, vulnerabilities, impacts, likelihood, risk ratings, and treatment decisions; ensure consistent updates with stakeholder input

• Technology and CybersecurityRisk Mitigation Tracking: Document risk treatment plans with action items, responsible parties, and target dates; track remediation progress; verify risk reduction upon closure

• Technologyand CybersecurityPolicy Support: Support policy lifecycle activities including drafting, review, and updates; ensure policies alignment based on industry standards such as NIST, ISO 27001, etc.,

• Cybersecurity and Information SecurityRisk MetricsDevelopment: Develop and report risk metrics and KRIs; analyze trends in risk posture;identifysystemic issues requiring management attention

• Technology and CybersecurityRiskReporting/Communication: Translate technical risk findings into business-relevant language; prepare risk summaries for management review and decision-making

• Stakeholder Engagement: Partner withcontrol owners,system owners, product team, technologyteamandbusiness stakeholders toidentifyand assess risks throughout the system lifecycle.

Your impact:

Success in this role requires strong collaborative relationships across Chatham. TheInformation Security GRCAnalyst partners closely with theManager of Information Security GRC,and Information Security leadershipto align risk priorities with security strategy. The analyst will interact on a regular basiswithtechnology and information security control owners to ensure controls areproperly designed, implemented, andmonitored.The analyst engages withOperational Riskto integratetechnology andcybersecurity risks intothe operationalrisk framework and reporting. Finally, collaboration withexternal auditorsduring SOC 2 and regulatory examinationsvalidatesthat risk management practices meet industry standards and client expectations.

Contributors to your success:

• Bachelor's degree, preferablyin Information Security, Computer Science, Risk Management, or relatedexperience in the field.

• 3-5+ years of experience in ITaudit, ITrisk management,executingsecurity assessments, orexperienceina relatedTechnology, IT Audit or DataGovernance,role.

• Experiencein supporting/coordinating companySOC 2Trust Services Criteriaaudits or conducting SOC 2 audits.

• Experience inconductingtechnology and securityrisk assessments using NIST, ISO 27005, or similar methodologies

• Strong understanding ofCybersecurity risks and mitigation strategies as well asfunctional experience withthreat modeling, vulnerability analysis, and risk quantificationand follow through.

• Knowledge of security frameworks: NIST CSF, NIST 800-53, ISO 27001, Center of Internet Security (CIS),SOC 2Trust Services Criteria,Cloud Control Matrix (CCM)

• Knowledge ofthird-party security assessmentsand/or data protection/impact assessments.

• Excellent analytical and written communication skills

• Certifications preferred: CRISC,CDPSE,CISA, CISSP, ISO 27001 Lead Auditor/Lead Implementer

• Other Certificationsconsidered:CGEIT, CCSK,CompTIA Security+, CompTIACySA+, CISSP-Associate, GIAC/GSEC, PMP/CAPM, AWS Cloud Practitioner, Azure Cloud Practitioner
  

* This is a contract position working 40 hours a week

About Chatham Financial:

Chatham Financial is the leading independent capital markets advisor, delivering an integrated blend of expert advice and powerful technology to help you reduce risk and seize opportunity. With decades of capital markets strategy, execution, monitoring, and performance expertise, we serve as an unwavering advocate for your best interests and your innovation partner. Our technology platform unifies data across assets, debt, and derivatives, giving you unmatched agility, transparency, and insight.

It's clear ahead.

Our commitment is to carry that light forward in every partnership, every solution, and every market we serve.

We help guide the way-giving clients the insight and momentum to move forward with confidence, no matter what lies ahead.