Job Description

We are seeking a skilled GRC specialist to join our dynamic team. In this role, you will implement processes to automate and monitor information security controls, risks, and testing, and update security policies to align with industry standards and legal requirements. You will define and document business process responsibilities, update security controls, and support stakeholders. Additionally, you will assess and investigate security risks and exceptions, document and report control failures, provide remediation guidance, and track remediation activities. You will also assist in managing and overseeing security program functions.

Requirements:

Education:

  • A Bachelor's degree in Business Administration, Information Technology, or a related field is preferred; an Associate's degree in Computer Information Systems or a related discipline can also be considered.

Certifications:

  • CompTIA Security+, ISACA Certified Information Security Auditor (CISA), CISSP.

Work Experience:

  • At least 2 years of experience in a GRC-related role or relevant industry experience, and 3 years of applied work experience in cybersecurity programs, audits, assessments, risk, remediation, or cybersecurity compliance.

Technical Skills:

  • Ability to develop, write, and update information security policies and procedures; experience in performing risk assessments and control testing.
  • Knowledge of remediation processes and the ability to provide guidance.
  • Proficiency in developing reporting metrics, dashboards, and evidence artifacts.
  • Understanding of the CIS, NIST, and COBIT frameworks.

Soft Skills:

  • Strong analytical and problem-solving skills to identify and assess potential risks. Excellent attention to detail and accuracy to ensure policies and procedures are correctly implemented.
  • Effective communication and interpersonal skills to disseminate information and increase awareness within the organization.
