579668-Senior Cybersecurity GRC Analyst

Job

The Norland Group

San Jose, CA (In Person)

$187,200 Salary, Full-Time

Posted 2 days ago (Updated 20 hours ago) • Actively hiring

Expires 7/24/2026

Job Description

This position requires: Clear Background, Drug Test, and Education Check. Must be authorized to work in the US for any employer without Sponsorship. (Principal Only! No Corp to Corp)

Position Title: 579668-Senior Cybersecurity GRC Analyst
Location: San Jose, CA
Pay Rate: $85-95
Contract Duration: 6 months contract
Description:

Governance & Compliance Leadership:
Develop and manage the overarching Compliance Program to ensure alignment with industry standards (e.g., SOC2, NIST 800-171, ISO 27001, NIST 800-53). Partner with IT Security Operations to ensure security controls are properly designed, implemented, and operating effectively. Lead the end-to-end cybersecurity audit process (internal and external), including the preparation of response documentation and the execution of remediation plans. Develop and distribute high-level information security reports and compliance dashboards to key stakeholders.

Risk Management & Assessment:
Lead comprehensive cybersecurity risk assessments across the enterprise, identifying vulnerabilities and recommending prioritized mitigation strategies. Develop and maintain the Corporate Risk Register, tracking risk acceptance, treatment plans, and residual risk. Perform quantitative and qualitative risk analysis to inform executive decision-making and resource allocation.

Identity & Access Governance:
Oversee and collaborate with stakeholders to execute quarterly user access reviews (UAR) and monthly user activity monitoring. Ensure timely completion, technical accuracy, and rigorous documentation of all access reviews to meet audit requirements. Analyze access trends and "over-privileged" accounts to recommend Least Privilege improvements and role-based access control (RBAC) refinements.

Third-Party Risk Management (TPRM):
Own and maintain Third-Party Risk Management evaluation practices, ensuring vendors are vetted against corporate security standards to mitigate supply-chain risk.

Policy & Process Engineering:
Author, maintain, and update information security policies and Standard Operating Procedures (SOPs) to ensure alignment with evolving industry standards. Manage and govern Change Management processes to ensure security stability and compliance during technical transitions.
Location:
Onsite at our San Jose office/headquarters 5 days a week
Requirements:

Experience:
Minimum 10 years of experience managing Cybersecurity compliance programs from inception to completion.

Technical Expertise:
Hands-on experience with SOC 2 and a deep understanding of IT technical security controls.

Framework Proficiency:
Expert knowledge of industry-standard programs (e.g., ISO 27001, CIS v8.1, NIST 800-53, NIST 800-171, CMMC, FedRAMP).

Analytical Skills:
Strong analytical thinking with the ability to prioritize complex tasks within a fast-paced, evolving environment.

Communication:
Excellent interpersonal, verbal, and written communication skills, with the ability to work effectively as a team player or independently.

Security Knowledge:
A strong foundation in IT security concepts with a heavy emphasis on Security Risk Assessment.

Certifications:
Relevant professional certifications such as CISSP, CISM, or CISA.

Preferred Qualifications:
Exceptional ability to tailor complex technical communication for both technical audiences and non-technical executive leadership.

We encourage Minorities, Women, Protected Veterans and Disabled individuals to apply for all positions that they may be qualified for. We maintain a drug-free workplace and perform pre-employment substance abuse testing and background checks.

If you are interested in this position, please submit your resume in a Word Document with the month and year that you have worked at each previous position to Veronika@norlandgroup.com and copy: 579668-Senior Cybersecurity GRC Analyst to the email Subject Line. Or click this email link and attach your resume in an MS Word Document format.