Job Description
Responsibilities
- The Security Analyst, GRC will play a key role in helping to plan, organize, and manage governance, risk, and compliance efforts in alignment with the company's overall security and data privacy programs.
- This includes managing our Information Security Policies and Standards to ensure they remain current with NIST-CSF and that they are accessible and understood by all impacted users.
- The Security Analyst, GRC will also work to perform risk assessments on current internal systems, as well as assess the security controls of current and proposed vendors in alignment with security policies and standards.
- The Security Analyst, GRC will have the opportunity to lead the PCI compliance program for our corporate-owned restaurants and e-commerce (web and mobile) platform.
- Manage all existing Information Security Policies and Standards, ensure they stay relevant and are available to all impacted teams. Identify and help to create new information security policies and standards that align with NIST-CSF and relevant compliance requirements.
- Conduct information security risk assessments and assist in documenting identified risks and treatment plans in Risk Register.
- Participate in enhancing compliance programs (PCI, SOX, etc.), ensuring all quarterly and annual requirements are successfully completed, documented, and communicated as appropriate. Identify opportunities to automate or simplify compliance where possible.
- Identify and establish key metrics to indicate the health and status of Information Security Governance, Risk, and Compliance activities to be shared with Sr. Leadership.
- Work with cross-functional teams to drive security-related initiatives.
- Help to identify, develop, and execute security awareness opportunities for the organization.
Skills Required
- B.S. degree in computer science, information technology, or a computer-related discipline, or 5+ years of IT work experience in the area of Governance, Risk, and Compliance.
- Team Player with proven leadership, communication, organizational, and relationship management skills.
- Self-motivated, with keen attention to detail and excellent judgment skills.
- Demonstrated success implementing information security control frameworks and standards such as ITIL, CIS, SOC 2, GDPR, and NIST CSF / 800-53.
- Management, alignment, mapping, continuous improvement of internal security controls framework and control owner relationships. Integration expertise of vendor risk reviews, customer engagement surveys, control exceptions, risk assessments, audit readiness coordination, or security control requirement services.
- Compliance in alignment with security strategy and regulatory or legal obligations.
- Participate in Payment Card Industry Data Security Standards (PCI DSS) audits.
- Experience with GRC, IAM, and risk management tools and solutions.
- Experience with information security tools and solutions.
- Report key operational and program metrics designed to provide transparency into key attributes such as compliance readiness, security framework alignment, program maturity, and operations.
- Ability to write and present clear, well-articulated documentation and processes.
- Knowledge of hybrid IT systems, networking, co-locations, and cloud environments (AWS, Azure, etc.).
- CISA, CRISC, GIAC, CISM, or CISSP certification is a plus.
About Korn Ferry
Korn Ferry unleashes potential in people, teams, and organizations. We work with our clients to design optimal organization structures, roles, and responsibilities. We help them hire the right people and advise them on how to reward and motivate their workforce while developing professionals as they navigate and advance their careers. To learn more, please visit Korn Ferry at www.Kornferry.com