Security Governance, Risk, Compliance Analyst

Description

The Security Governance, Risk, Compliance (GRC) Analyst will be responsible for supporting the daily activities of the GRC function within A&M’s Global Security Office.  This role will be focused in supporting client questionnaires and audit requests, performance of third-party supplier assessments, and working closely with business stakeholders to align security measures commensurate with risk.  The GRC Analyst requires a strong understanding of security controls with the ability to effectively assess and communicate technical security requirements to teams across the firm. The GRC Analyst will support cybersecurity related initiatives as required.

Responsibilities:

• Respond to client security questionnaires, RFP/RFI’s, and audit requests.  Coordinate responses by working with internal stakeholders across disciplines.  Maintain database of knowledge. 

• Execute the firm’s Heightened Security Process which entails working with business stakeholders globally to ensure appropriate security measures are in place at the engagement level.

• Perform third-party security vendor diligence.  Laisse with business and external stakeholders to perform assessments and identify risk, whilst maintaining monitoring activities of existing vendors.

• Respond to and maintain the GRC service queue for tickets escalated to the team in coordination with the relevant stakeholders.   

• Participate and execute governance activities including metrics gathering and reporting, and the performance of recurring internal assessment activities.

• Support activities pertaining to risk management; execution of the risk strategy inclusive of identification, tracking, and participation within treatment activities.

Qualifications:

• Couple of years experience in Security Governance, risk, and compliance or related.

• Strong experience responding to client/customer security inquires. 

• Broad and solid understanding of cyber security concepts and risks.

• Strong familiarity with industry frameworks such as ISO standards, NIST, and SOC reports.

• Working knowledge of common audit and compliance tools.  Experience with a GRC tool is a plus.

• Demonstrable knowledge in the assessment of third-party suppliers.

• Strong analytical thinking, written, and oral communication skills.

• Ability to drive responsibilities independently, while serving as a valued team member in the greater context. 

Desired Education:

• Bachelor’s degree – preferably in Information Security, Computer Science or related area.

• Industry recognized certification in security (e.g., CISSP, CISA, CISM, CRISC, ISO27001).

The salary range is $90,000 - $110,000 annually, dependent on several variables including but not limited to education, experience, skills, and geography. In addition, A&M offers a discretionary bonus program which is based on a number of factors, including individual and firm performance.  Please ask your recruiter for details.