Security GRC Analyst
Job Title: Security GRC Analyst
Do you want to work in a small and dynamic shop where you will work across departments to assure the security of internal and external systems of the most comprehensive news and disclosure network in the world? We offer Dot Com Work with Berkshire Hathaway Stability as well as competitive benefits, a team-oriented environment, and a great financial district location near the Montgomery Street BART Station.
Business Wire is seeking a Security Governance, Risk, and Compliance (GRC) Analyst to work in a team environment to lead security governance processes and to identify, measure, and report risks associated with Business Wire IT systems and applications. Reporting to the Director of Information Security, the Security GRC Analyst will audit and document IT compliance, analyze the effectiveness of IT controls such as change management processes and user provisioning lifecycles, and will operate tools that enable automated management of elevated system access within the Business Wire IT environment.
Essential Duties and Responsibilities include:
- Participate in an annual Security Risk Assessment, document identified system vulnerabilities, mitigating controls and residual risk(s) for Executive signoff
- Work with various audit teams (internal and external) to track system and application security weaknesses from identification to remediation/risk acceptance
- Translate raw security events and data captured during the IT Security Incident Response lifecycle into meaningful business-relevant information, clearly highlighting the business impact and recommended remediation actions
- Perform security audits of IT components using automated tools (e.g., vulnerability scanners) and manual processes (e.g., firewall rule set analysis) to identify and document risks associated with deviations from defined standards and baselines
- Assess home-grown and third-party IT solutions (both on-premise and cloud-based) for security compliance and make recommendations based on incurred risk versus business value
- Oversee all Business Wire Identity and Access Management (IAM) user provisioning and account recertification processes to ensure that internal policies and standards are adhered to
- Oversee all Business Wire Privileged Identity Management (PIM) processes and serve as lead operator of the application supporting PIM provisioning, tracking, and reporting
- Develop and issue ad-hoc security compliance dashboards and reports for internal stakeholders, and participate in the completion of customer-requested risk assessments
- Work as a team member performing any and all functions necessary for the successful operation of the company as determined by the Chief Information Officer
- Ability to work on multiple projects concurrently
- CISSP, CISM, Security+, or other industry standard IT security certification with emphasis on security management and risk assessment methodologies
- Minimum 5 years of experience as an IT professional and 3 years of experience as an information security professional
- Knowledge of threat modeling or other risk identification techniques, system security vulnerabilities and remediation techniques
- Experience with IT control frameworks such as ITIL, COBIT and ISO/27002
- Knowledge of AICPA SAS-70 and/or SOC-2 audit criteria highly desired
- Experience with leading and/or executing IT change management processes
- Ability to lead meetings, broker conversations, record meeting minutes and document decision outcomes
- Hands-on experience using change management, help desk, or software development bug tracking tools (e.g., Remedy, JIRA, etc.) for submitting, routing, and approving IT system and application changes
- Experience with process development, analysis, implementation, and continuous improvement methodologies preferred
- Excellent communication skills
- Ability to work effectively with a variety of people
- Professional appearance and demeanor
- Demonstrate reliability through good attendance and punctuality
Send a resume, cover letter, and salary requirements to:
Subject: Security GRC Analyst
Via E-mail: GRC@businesswire.com.
Initial contact will be via email. Please keep your eyes open for our email and make sure we don't get caught in your SPAM filter.
No phone calls. No recruiters. Unable to sponsor visas at this time. No relocation. No telecommuting.
Business Wire agrees and represents that it will provide equal employment practices and the contractor and each subcontractor hereunder will ensure that in his or her employment practices persons are employed and employees are treated equally and without regard to or because of race, religion, ancestry, national origin, sexual orientation, age, disability, marital status, domestic partner status, or medical condition.