the IS GRC Analyst will be responsible for managing new hire and annual security training and awareness for the firm. The IS GRC Analyst will create and ensure regular communication to the firm regarding relevant security issues. The person will work closely with Marketing, IT Leadership, and senior business leaders in the firm.

Key Responsibilities

• Review, modify and work with the Learning and Development team in rollouts of the new hire training, annual training and security policy acknowledgements with attention to accuracy, relevance, timeliness and satisfactory completion
• Compose and send regular communications to the firm regarding relevant security issues; Review and approve security related knowledgebase articles
• Ensure the communication plan adheres to requirements outlined in the Information Security Management System (ISMS)
• Conduct lunch and learn sessions regarding relevant information security topics
• Responsible for Information Security team website development, maintenance, and content updates
• Assist with the set up and rollout of phishing campaigns and communications required during incident response tabletop exercises and during critical incidents
• Measure and report metrics to IS GRC Manager
• Provide expertise when reviewing updates to information security policies, standards, and procedures; Author and update policies, standards and procedures that are related to compliance and audit
• Lead cross-training activities with IS GRC team to ensure backup support is available
• Improve security efficiency, streamline, and automate work processes while working collaboratively with other team members and IT staff to accomplish objectives
• Manage and track projects (as needed); Review and analyze exception requests
• Be familiar with ServiceNow and manage functional services that are related to communications and training
• May serve as backup to other IS GRC roles; Participate, as needed, in critical incidents and implementation reviews

 Qualifications / Requirements:

• Minimum 2-5 years of professional work experience
• Bachelor’s degree in Information Technology, Marketing, Communications, or related field recommended
• Expected to stay current on security industry trends, new threats, attack techniques, mitigation techniques, and emerging security technologies
• Keep abreast of the latest information security standards, privacy laws, and regulations to ensure compliance both with internal security policies
• Highly motivated to work in information security
• Willingness to increase knowledge and credibility through obtaining training and/or certifications
• Ability to work well as an individual and as part of a team
• Strong written and oral communication skills, inter-personal skills, and effective skills to support security programs. Must be able to provide formal reports and presentations as required
• Strong attention to detail with the ability to prioritize tasks
• Excellent problem-solving ability and ability to resolve issues under tight time frames
• Experience using Microsoft Office Suite (Word, Excel, PowerPoint, SharePoint etc.) preferred
• Experience using ServiceNow preferred
• Experience within Information Security, Marketing, Communications, or Information Technology is desired, but not required
• Strong communication, writing and organizational skills
• Experience with Wombat security awareness training desired, but not required
• Experience with SharePoint 2013 desired, but not required
• Must have the ability to work full time in a fast-paced office environment; Must be physically able to sit/stand at a computer & work in front of a computer screen for significant portions of the work day