We are seeking a detail-oriented and technically proficient Principal GRC Analyst to join our Information Security team with a focus on validating and testing security controls across the enterprise. This role will serve as the most senior member of a small team focused on validating the effectiveness of information security controls. It is ideal for professionals with 8 or more years of experience in GRC, IT audit, or cybersecurity operations who have supervised IT control testing teams and are passionate about driving continuous improvement.
Plan, lead, and execute control validation and testing activities across various domains (e.g., access management, vulnerability management, incident response, data protection).
Mentor junior analysts, providing guidance on control validation methodologies and best practices while fostering a culture of accountability.
Provide subject matter expertise regarding information security control validation and compliance frameworks to the CDT organization and its business partners.
Document control issues and collaborate with stakeholders to develop remediation recommendations.
Develop and enhance control testing methodologies, procedures, and reporting mechanisms.
Prepare risk reports and dashboards for management and governance committees.
Influence the evolution of the GRC program by maturing tools, automation, processes, and metrics.
Experienced and Passionate: You are a seasoned security professional with a passion for governance, risk, and compliance.
Methodical and Pragmatic: You approach control testing with precision and can identify pragmatic solutions for addressing risks.
Self-Motivated and Curious: You are driven to understand the "why"; you thoughtfully investigate complex issues and ask probing questions.
Leadership-Oriented: You demonstrate initiative and are experienced in mentoring and developing others.
Relationship Driven: You build rapport and support your team and colleagues across functions.
Influential Communicator: Whether in writing or verbally, you can effectively explain technical concepts and risks to colleagues and management without excessive jargon.
Bachelor's degree in a technical field such as cybersecurity or business information systems.
Security certifications such as CISSP, CISA, CRISC, Sec, or CC preferred.
Minimum 8 years of experience in GRC, IT audit, or information security within a mid-size to large corporate environment.
Proven expertise in cybersecurity frameworks such as NIST CSF or ISO 27001.
Hands-on experience in leading IT audits, risk assessments, or compliance programs.