Security Governance, Risk and Compliance Analyst – Security Risk Management

Job ID
27059894
Location
Southfield, MI 48075
Description

Information Security Governance, Risk and Compliance Analyst – Security Risk Management

The IS GRC Analyst will be responsible for identifying, reviewing, and providing recommendations on security risk management for the firm. The IS GRC Analyst will use ServiceNow and Factor Analysis of Information Risk (FAIR) to track, monitor, and analyze security-related risk. The person will consult and interface with network administrators, system administrators, desktop support staff, IT staff, developers, and non-IT departments on project and system requirements.

Key Responsibilities:

  • Document risk methodology, maintain risk register, and initiate risk assessments
  • Perform annual risk assessment and periodic risk assessments as determined by system development lifecycle, change management or project onboarding activities
  • Compose risk assessment reports, as well as develop remediation plans to address risks, vulnerabilities or control deficiencies discovered during audits or risk assessments
  • Provide insight and participate in security projects to evaluate and recommend security products for various applications and platforms throughout the organization while supporting business initiatives
  • Measure and report metrics to IS GRC Manager
  • Provide expertise when reviewing updates to information security policies, standards, and procedures; author and update policies, standards, and procedures that are related to compliance and audit
  • Lead cross-training activities with IS GRC team to ensure backup support is available
  • Improve security efficiency, streamline, and automate work processes while working collaboratively with other team members and IT staff to accomplish objectives
  • Manage and track projects (as needed); review and analyze exception requests
  • Become an expert in the ServiceNow GRC module and manage functional services that are related to risk management
  • May serve as backup to other IS GRC roles; participate, as needed, in critical incidents and implementation reviews

Qualifications / Requirements:

  • Minimum 2-5 years of professional work experience
  • Experience within Information Security, Risk, Compliance, Audit or Information Technology is desired, but not required
  • Bachelor’s degree in Information Technology or related field recommended
  • Expected to stay current on security industry trends, new threats, attack techniques, mitigation techniques, and emerging security technologies with a willingness to increase knowledge and credibility through obtaining training and/or certifications
  • Keep abreast of the latest information security standards, privacy laws, and regulations to ensure compliance both with internal security policies
  • Proven project management & organizational skills; manage multiple priorities and deadlines
  • Certified in Factor Analysis of Information Risk (FAIR) desired, but not required
  • Certified Information Systems Security Professional (CISSP) desired, but not required
  • Certified Information Systems Auditor (CISA) desired, but not required
  • Certified in Risk & Information Systems Control (CRISC) desired, but not required
  • Highly motivated to work in information security
  • Ability to work well as an individual and as part of a team
  • Excellent written and oral communication skills, interpersonal skills, and effective skills to support security programs. Must be able to provide formal reports and presentations as required
  • Strong attention to detail, with the ability to prioritize tasks
  • Excellent problem-solving ability and ability to resolve issues under tight time frames
  • Experience using Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint, etc.) preferred
  • Experience using ServiceNow preferred
  • Ability to work full time in a fast-paced office environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the work day
