Information Security GRC Analyst
Business Wire is renowned for its excellent and unique benefits package. In the US, we offer standard benefits such as health insurance, 401k matching and paid time off. We also offer unique benefits including reimbursement plans for fitness, dental, vision and education classes. Outside the US, benefits are offered according to local regulations and custom, and may vary by country.
Most importantly, we value those employees who make their career at Business Wire; we are very proud of the fact that our length of employment far exceeds the standard. Longtime employees are well rewarded - financially, professionally, and uniquely.
Job Title: Information Security GRC Analyst
Are you looking for the opportunity to make a difference in a dynamic organization that is team focused and mission driven? Then come join us in the heart of the San Francisco Financial District, just half a block from the Embarcadero BART/MUNI Metro station.
This position reports to the Chief Information Security Officer, as an integral member of the Information Security team. The Information Security GRC Analyst is responsible for security governance, process development, performance measurement, and exception reporting. This position directly supports independent third-party and client security audits, ensuring that industry best practices and regulated-industry requirements are met, including but not limited to SOC2, PCI, FISMA, ISO 27k, and NIST Cybersecurity Framework.
Candidates must be highly organized, detail oriented, and able to maintain a complex schedule of deliverables. This position also requires routine authoring of formal responses to audit requests, compliance verifications, service agreements, and procedural documentation.
If you have these skills and the drive to excel, then please apply now!
Duties and Responsibilities
- Perform ongoing governance and compliance audits with various third-party entities to track, respond to, and remediate observations in a continuous cycle of information security enhancement.
- Conduct internal technical systems audits, utilizing industry-leading tools to identify risks, document remediation and drive resolution.
- Perform annual SOC2 & Security Risk Assessments to document identified system vulnerabilities, mitigating controls and residual risk(s) for executive signoff.
- Assess home-grown and third-party IT solutions (both on-premises and cloud-based) for security compliance and make recommendations based on incurred risk versus business value.
- Oversee Privileged Identity Management (PIM) processes and serve as technical coordinator.
- Develop and publish security compliance dashboards and reports for internal stakeholders, and complete customer-requested risk assessments.
- Demonstrate success through good attendance, punctuality, and effective completion of assigned tasks.
- Work as a team member performing any functions necessary for the successful delivery of our company objectives.
Skills and Qualifications:
- Minimum of 5 years’ experience as an IT professional and 3 years’ experience as an information security compliance professional.
- Knowledge of common systems, network, and application vulnerabilities and remediation techniques.
- Knowledge of security control frameworks such as OWASP, ISO 27k, PCI DSS, SSAE 16, and NIST.
- Knowledge of IT control frameworks such as ITIL and COBIT.
- Familiarity with IT risk assessment methodologies and threat modeling frameworks.
- Experience with leading and/or executing IT change management processes.
- Ability to lead meetings, broker conversations, record meeting minutes, and document decisions and action items.
- Excellent communication skills and ability to work effectively with a variety of people.
- Ability to work on multiple projects concurrently.
- Professional appearance and demeanor.
Business Wire offers a fulfilling, stable environment with an emphasis on work/life balance.
We offer an attractive salary and a comprehensive benefits package including health insurance, a dental/vision/education/fitness reimbursement program, 401(k), and Paid Time Off.
For more information, please visit our website: http://www.businesswire.com/
To apply, please send a resume and cover letter to: firstname.lastname@example.org
Please Note: Acceptance of a job offer is contingent upon submitting proof of education noted on the job application.
Background checks will not be conducted until after a job offer has been made, and all qualified applicants will be considered for employment, regardless of criminal history.
All qualified applicants will receive consideration for employment without regard to race, religion, ancestry, national origin, sexual orientation, age, disability, marital status, domestic partner status, or medical condition.
No phone calls.