Information Security Governance, Risk and Compliance Senior Analyst – Risk Assurance

As a member of the Information Security team, the IS GRC Senior Analyst will be responsible for providing risk assurance for critical client engagements, focusing on information security, cyber security, and data privacy risk.  In addition to working closely with client engagement teams, the person will also need to consult and interface with our Risk Committee, members of the legal organization, and members of the various technology organizations (including network administrators, system administrators, IT staff, and developers) on identifying and helping to mitigate information security and data privacy risks on those key client engagements.

This position is preferably located in Southfield, MI.

this role is expected to be at the Vice President or Director level.

Key Responsibilities:

• Work with the Chief Information Security Officer, Chief Technology Officer, and members of the Legal Organization to identify high risk engagements that would come under this risk assurance process. 
• Define and provide regular reporting on overall and individual engagement risks and the status of risk mitigation efforts.
• Emphasis on cyber security, information security, and data privacy risks associated with critical client engagements based on client importance and potential penalties associated with any issues.
• Expected to stay current on security industry trends, new threats, attack techniques, mitigation techniques, and emerging security technologies
• Keep abreast of the latest information security standards, privacy laws, and regulations to including (but not limited to) the NIST cybersecurity standards, IS27001, SOC2, and GDPR.
• Participate, as needed, in critical incidents and implementation reviews.

Qualifications/Requirements:

• Minimum 5 years of professional work experience
• Experience within Information Security, Risk, Compliance, Audit or Information Technology is highly desired
• Bachelor’s degree required; related field highly preferred
• Certifications in Information Systems Security or Internal Audit desired, but not required
• Highly motivated to work in information security
• Willingness to increase knowledge and credibility through obtaining training and/or certifications (CISSP, CISA, CRISC, etc.)
• Ability to work well as an individual and as part of a team, including with other information technology and security staff, as well as senior client facing staff
• Excellent written and oral communication skills, inter-personal skills, and effective skills to support security programs. Must be able to provide formal reports and presentations as required
• Must give attention to detail and possess the ability to prioritize tasks so work is completed in an accurate, timely manner
• Excellent problem-solving ability and ability to resolve issues under tight time frames.
• Experience using Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.) preferred
• Must have the ability to work full time in an office environment; Must be physically able to sit/stand at a computer & work in front of a computer screen for significant portions of the work day