30 Oct
Security Architect (GRC) - Remote
New York, Rochester, 14606 Rochester USA

Vacancy expired!

Job Title: Security Architect (GRC)
Job Location: Rochester, NY (Remote)
Job Type: Contract

Job Description

The client is looking for a Senior Governance, Risk and Compliance (GRC) Analyst who will be working with one of the leading hybrid cloud data services and data management companies in the US. The ideal candidate will have strong auditing and organizational skills with the ability to manage a diverse workload in a fast-paced environment. The candidate should be able to apply InfoSec risk management principles and partner with diverse teams to provide guidance to business stakeholders across different functional business areas of the enterprise.

Responsibilities:

  • Management of ISO27001:2013 & SOC2, Type 2 certification, information security (InfoSec) risk analytics, governance policy and standards drafting, risk remediation process implementation, NIST 800 compliance and framework management, disaster recovery program management, as well as other GRC subject matter expert related duties in support of the Information Security team.
  • Ability to conduct thorough risk analysis, control identification and audit program development. Demonstrate the ability to multi-task by clearly documenting the results of testing on more than one audit concurrently.
  • Effectively communicate audit issues and related recommendations in both technical and non-technical terms to Operational and IT management.
  • Demonstrates technical knowledge of routine IT systems and processes and continues development of technical and analytical skills to understand more complex technologies. Interprets the associated risks, develops a testing approach, and proposes solutions.
  • Lead the initial root cause analysis process, influencing problem-solving efforts, and participate in department-wide CI efforts.
  • Demonstrates increased technical understanding of data analysis concepts and practices.
  • Shares knowledge and experience with less experienced team members.
  • Documentation review; drafting of policy, procedures and standards; certification and accreditation documents.
  • Collaborate with Incident Response, Vulnerability Management and Insider Threat teams to develop risk mitigation strategies for new and emerging risks.
  • Serve as an IS liaison to business units and third parties to create and/or provide feedback on items assigned or influenced by the team (e.g., InfoSec best practices, policy and procedure development, employee education and awareness, security exceptions).
  • Maintain confidentiality of all investigations, reports, and other confidential and sensitive information associated with the position.
  • Interact enterprise-wide with all levels of personnel, including executives, business functional heads and technical staff.
  • Define and deliver EIS GRC metrics, analytics, and scorecards.

Requirements:
  • You should possess industry-specific knowledge of security-related regulations and controls, such as ISO 27001, SOC2, FedRAMP, and NIST 800.
  • Two or more years of IT audit or information technology experience with a focus on information security, risk management, or system development.
  • Demonstrated ability to evaluate internal controls, execute large portions of an audit independently, analyze and solve complex problems, conduct research, and express ideas clearly, concisely and persuasively both verbally and in writing.
  • Demonstrates a strong understanding of business ethics.
  • You have proficient IT audit skills, as typically acquired through a Bachelor's degree in Computer Science, Management Information Systems or a comparable field.
  • You should be able to work well with people from many different disciplines with varying degrees of technical experience.
  • You should be able to adapt to a dynamic, rapidly changing business and technical environment; exercise good professional judgment; maintain confidentiality; manage projects through the entirety of the life cycle; and develop security standards and guidelines based on best practices and industry standards.

Tech stack:
  • InfoSec-related training or certifications such as CISSP, CISA, or CISM.
  • GRC automation software, ServiceNow, or other compliance and workflow tools.

Let me know if you need any other details.

Regards,
Yogesh Kumar
Delivery Manager
Noralogic Inc.
109 East 17th St, Cheyenne WY 82001
+1.307-316-8874 | www.noralogic.com
WY, MD, NJ, Noida
WBE and MBE company | ISO 9001:2015 | WY Top 50 Minority owned growing company
