Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

GRC Analyst

United IT Solutions

Job Title: GRC Analyst


Location: Santa Clara, CA / Hybrid (Only Locals)


Required Skills:

  • Excellent understanding and practical application of industry security frameworks including SANS Critical Security Controls, CIS Controls, ISO 27001, NIST SP 800-53, PCI DSS, and SOC2.
  • Great understanding of IT control frameworks (COBIT) and IT general controls
  • Strong knowledge of information security concepts, risk and controls concepts
  • Strong knowledge of standards such as ISO 27001/2, NIST CSF, NIST 800-53, TSC 2017 (SOC2), PCI DSS, etc.
  • Strong knowledge of security control domains such as Asset Management, Configuration Management, SDLC, Logging and Monitoring, Data Security, Network Security, Security Governance, Identity Access Management, Vulnerability Management, etc.
  • Proficiency in a wide spectrum of technical security controls encompassing logical access control, encryption , data loss prevention, secure coding practices, security architecture, vulnerability management, and network security technologies.
  • Expert in conducting Vendor risk assessments and understand risk exposure of technology deficiencies and translating them to business impact
  • Strong domain experience in security risk assessments
  • Working knowledge of risk treatment and exception processes
  • Strong knowledge of Security architecture design and review including key security controls related to authorization, authentication, and encryption of data in transit/at rest
  • Ability to configure and/or maintain 3rd party customer audit management tools (such as OneTrust Compliance Automation or a similar tool ) for automated evidence collection to support customer audits is a plus
  • Ability to configure and/or maintain 3rd party vendor risk management tools (such as OneTrust vendor assessment or a similar tool ) for third party risk assessments is a plus
  • One or more certifications such as CISSP, CISA, CISM, CEH, ISO 27001 Lead Auditor and Lead Implementer
  • Open to learning and working on new domains and technology
  • Good written and spoken communications skills to explain and articulate technical concepts effectively to stakeholders including system engineers, and auditors
  • Strong attention to detail and diligence
Certifications & Licenses:
  • CISA
  • CISM
  • CISSP
  • Cissp Certification
  • Proficiency in a wide spectrum of technical security controls encompassing logical access control
Vacancy posted more than 2 months ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to GRC Analyst. Be the first to apply!

Related searches