19 Sep
IT GRC Risk Analyst - REMOTE
Newport News, Virginia 23601, USA

Vacancy expired!

Job Description:

Job Title: IT GRC Risk Analyst
Department: Ferguson IT, Information Security
Reports To: Senior Manager, Security Governance, Risk, and Compliance

The Information Technology job family acquires, designs, implements, and operates the organization's information technology resources, including computer hardware, operating systems, communications, software applications, data processing and security. General areas of responsibility include developing information technology strategies, policies and plans; managing the acquisition, implementation, maintenance and use of information technology resources; and training and supporting technology users. Positions in Information Security are responsible for designing and monitoring control systems which ensure the integrity and security of data and for advising on the optimal use of the organization's computing resources.

The IT GRC Risk Analyst provides organizational support for identifying, reporting, and directing remediation activities for key risks within the IT organization, ensuring that controls and activities are aligned with overall organization risk strategy and appetite. Primary functions include leading the identification and remediation of risks within a complex cross-functional organization, supporting the ongoing development, review and publication of security directives (e.g. policies, standards and guidance), monitoring and evaluating metrics related to compliance against those security directives, and leveraging broad enterprise knowledge and/or expertise of technology and core business processes.

DUTIES AND RESPONSIBILITIES:

Participates in IT GRC team efforts to plan, design, implement and maintain IT Governance, Risk & Compliance initiatives and their supporting elements. These include, but are not limited to:

• Facilitate discussions related to risk identification and mitigation by analyzing and recommending operational and business workflow changes to management.
• Support the team in performing vendor risk assessments, contract reviews, SOC/SSAE18 reviews, and support the completion of 3rd party security questionnaires.
• Drive the identification, creation and/or collection of reporting metrics, risk appetite statement updates, and testing results as needed.
• Develop strong and meaningful relationships across all levels of the Enterprise Risk Management, Internal Audit, and Technology organization.
• Participate in due-diligence activities related to mergers and acquisitions, providing communication and recommendations to senior management.
• Act as a SME to support the interpretation of policies and compliance requirements to development, infrastructure, and implementation teams.
• Perform duties as requested by Management, in addition to the essential job functions described above.

QUALIFICATIONS AND REQUIREMENTS:

• A minimum of four (4) years' experience in Information Security and/or Technology.
• Associate degree combined with 5 years' experience in an IT-related role.
• Bachelor's Degree plus 3 years' experience in an IT-related role;
• Master's Degree in Information Security, Information Technology or Information.
• Certifications such as CISSP, CISM, CISA, CRISC, GSEC, or PCIP are preferred.
• Advanced knowledge of concepts related to IT Governance, Risk Management, and Compliance.
• Substantial ability to create, organize, and analyze complex logical processes.
• Experience with ISO 27001/2.
• Experience with NIST 800-171/DFARS.
• Experience around creating and updating corporate policies, providing expert reviews around legal, regulatory and contractual requirements.
• Knowledge of technical platforms, networks, security concepts, and data retrieval techniques.
• Self-motivated, with the ability to initiate new work without immediate supervision.
• Knowledge of auditing techniques and/or IT control environments a plus.
• Proven ability to troubleshoot and solve complex and indistinct problems.
• Ability to communicate with all audiences in a clear and professional written format.
• Ability to speak publicly, including large groups, with all levels of management.

The Company is an equal opportunity employer as well as a government contractor that shall abide by the requirements of 41 CFR 60-300.5(a), which prohibits discrimination against qualified protected Veterans and the requirements of 41 CFR 60-741.5(A), which prohibits discrimination against qualified individuals on the basis of disability. Ferguson Enterprises, LLC. is an equal employment employer F/M/Disability/Vet/Sexual Orientation/Gender Identity.

Equal Employment Opportunity and Reasonable Accommodation Information
