Governance Risk Compliance Analyst III Position Available In Pinellas, Florida
Job Description
Governance Risk Compliance Analyst III
Job Summary:
Members of the Governance/Risk/Compliance Section assure the risk posture of the organization is being adequately managed while maintaining related project plans. GSI is a highly dynamic environment and as such the successful employee will adequately manage competing priorities in a growing department. Risk analysts ensure that the organization is adequately aligning with the information security frameworks. Viable candidates must be willing to work onsite at GSI’s headquarters in Palm Harbor, Florida daily.
Key Responsibilities:
Members of the Governance, Risk, and Compliance (GRC) team assist in analyzing the risk posture of Geographic Solutions, Inc (GSI) by:
Collecting evidence
Measuring existing controls against the different audit standards and information security frameworks in use
Periodically monitoring process and procedures for alignment
Participating in standups/scrum meetings
Attending meetings and taking notes for discussion and socialization to other team members
Acting as a Subject Matter Expert (SME) for all stakeholders and teams in a constructive collaborative way
Participating in development and maintenance of policies
Participating in development and maintenance of procedures
Information security related training requirements
Information security related audit and compliance requirements
Information security framework alignment
Maintaining and updating Project Plans
Responsible for updating and maintaining NIST Policy Documentation
Responsible for updating and maintaining System Security Plans (SSPs) for each customer tenant.
Conducting information security controls gap assessments
Setting meetings required for GRC
Adequately documenting meetings as needed or as requested
Project Management
Understand and keep up with changes to the information security frameworks
Participate in GRC related meetings
Note:
No one person is expected to manage these workloads concurrently. The workloads are spread across level III team members, and individual expectations are further defined by each team member's roles and responsibilities in the Responsibility Assignment Matrix (RAM) chart.
Work Experience / Knowledge:
Employee should be able to provide Subject Matter Expertise (SME) in the following information security frameworks initially or within the first year:
NIST-800 Information Security Framework
NIST-CSF (Cyber Security Framework)
HiTRUST
FedRAMP
StateRAMP
Employee will have or be able to attain these key skills in the first year:
Versed in Governance, Risk, and Compliance (each respective domain)
Experience in conducting and participating in audits
Capable of managing competing priorities and demanding timelines
Managing third party vendors
Technical writing
Project Management
Be highly organized
Create and conduct risk assessments and track remediation efforts
Develop risk metrics and risk reports
Perform IT risk assessments, 3rd party risk assessments.
Identify information security framework gaps
Communicate complex risks to the organization
Identify what the risks are to critical applications, systems, and data
Identify and organize enterprise data by the weight of the risk associated with it
Managing key tasks and projects
Work with customers and stakeholders to mitigate the risks
Assess risks based on identified risk areas to develop individual risk profiles
Assist in ongoing records and information review to determine the effectiveness of work processes and procedures
Educate internal stakeholders about business risks brought about by industry trends
Ensure risk management policies and guidelines are followed and report possible fraud for corrupt practices
Execute communication plans for risk management policies and guidelines across internal stakeholders
Manage execution of reporting methods across internal stakeholders
Plan continuous work improvement activities and performance improvement strategies
Prepare reports on impact of latest industry developments, market trends and regulations on business risks
Prepare risk assessment schedule based on overall business schedules
Review risk criteria best practices and industry trends to support risk criteria
Review the impact of risk mitigation and plan to provide enhancements and support as needed (regarding information security frameworks and gaps)
Support the use of technologies, electronic tools and devices for GRC automation
Work with internal stakeholders to identify risk areas and compare industry trends
Work with internal stakeholders to improve risk management framework alignment
Work with partners to improve risk management policies
Work with staff to support risk mitigation plans across functional tracks
Experienced in information security frameworks and activities, e.g., FedRAMP, FISMA, CSF, NIST 800, ISO27001, StateRAMP, FedRAMP, HiTRUST, CIS, etc.
Qualifications / Certifications:
Employee should have or be able to obtain in the first year one or more of the following certifications:
Certified Risk and Information Systems Control - CRISC
Certified in Governance of Enterprise IT - CGEIT
Project Management Institute Risk Management Professional - PMI-RMP
Information Technology Infrastructure Library Expert - ITIL Expert
Certification in Risk Management Assurance - CRMA
GRC Professional - GRCP
GRC Audit Certification - GRCA
Integrated Policy Management Professional - IPMP
Project Management Professional - PMP
Integrated Data Privacy Professional - IDPP
Integrated Governance and Oversight Professional - IGOP
Integrated Compliance and Ethics Professional - ICEP
Integrated Security and Continuity Professional - ISCP
Integrated Strategy and Performance Professional - ISPP
Integrated Audit and Assurance Professional - IAAP
CySA+ Cyber Security Analyst
CRISC, PMP, or equivalent
CISSP, CRM, CRA, CISM, or equivalent preferred
Knowledge of information security frameworks and activities, e.g., FedRAMP, NIST CSF, NIST Information Security Framework, StateRAMP, ISO27001, SOC1, SOC2, SOC3, etc.
Certified in Risk & Information Systems Control (CRISC)
Project Management Professional Certification (PMP)
Excel spreadsheets
Presentation skills
Logical, organized, and apply attention to detail in work and on presentations
Qualifications / Certifications:
Bachelor's Degree with 6 years of experience (a master's degree can substitute for 2 years' experience)
Three or more years of experience
Level of professionalism
Level of understanding of how an enterprise class business operates
Special Requirements:
May also be assigned various projects and tasks as needed
Hours:
Day shift. Evening and weekend hours may be required
Equal Opportunity Employer. M/F/D/V