The Information Security GRC Business Analyst will be responsible for providing project management support to various initiatives within information security. The IS GRC Business Analyst will provide technical expertise and protection of assets by reviewing, analyzing, and implementing security controls, functions, and processes within the enterprise to support the overall information security program and other security initiatives. The IS GRC Business Analyst will consult and interface with network administrators, system administrators, desktop support staff, IT staff, developers, and non-IT departments on security issues and requirements.

Key Responsibilities:

• Assess data protection capabilities, gather requirements from various IT and business teams, and implement and maintain the Data Protection program
• Review and analyze Data Loss Prevention (DLP), data protection events and alerts
• Work closely with Legal / Risk Management to define processes and instruct in how to review and understand alerts
• Effectively track tasks and ensure documentation is updated regularly
• Coordinate incident response with Security Operations, Risk Management, Legal, and other Information Owners
• Measure and report metrics to the Security Operations Team and CISO
• Successfully manage multiple priorities and deadlines
• Stay current on security industry trends, new threats, attack techniques, mitigation techniques, and emerging security technologies; Keep abreast of the latest information security standards, privacy laws, and regulations to ensure compliance with internal security policies
• May serve as backup to other IS GRC roles
• Participate, as needed, in critical incidents and implementation reviews
• Additional tasks as required

Qualifications / Requirements:

• Highly motivated to work in information security
• Minimum 2-5 years of Information Security, Risk, Compliance, Audit or Information Technology experience preferred
• Bachelor’s degree in Information Technology or related field recommended
• Willingness to increase knowledge and credibility through obtaining training and/or certifications
• Knowledge of information systems security concepts and current information security trends and practices
• Security Certifications such as the following are a plus:
  • Certified Information Privacy Technologist (CIPT)
  • Certified in Risk and Information Systems Control (CRISC)
  • CompTIA Security+ (Sec+)
  • CISSP
  • GIAC Information Security Fundamentals (GISF)
  • GIAC Security Essentials (GSEC)
  • GIAC Certified Incident Handler (GCIH)
  • GIAC Certified Intrusion Analyst (GCIA)
  • Project Management Professional (PMP)
• Strong project management and organizational skills
• ServiceNow experience preferred
• Ability to work well as an individual and as part of a team
• Desire to continuously improve processes and procedures and share information with the team
• Excellent written and oral communication skills, inter-personal skills, and effective skills to support security programs. Must be able to provide formal reports and presentations as required
• Attention to detail and with ability to prioritize tasks to ensure work is completed in an accurate, timely manner
• Excellent problem-solving ability and ability to resolve issues under tight timeframes
• Ability to work full time in a fast-paced office environment; physically able to sit/stand at a computer and work in front of a computer screen for significant portions of the work day