NEW JOB OPENING
SECURITY GRC SENIOR ANALYST
IN Remote, USA!

Client’s Security team is seeking an experienced Security Governance, Risk, and Compliance Analyst to contribute to the maintenance of Client''s Security GRC Program. This is a contractor role. The ideal candidate will partner with Client’s Security colleagues to create culture change and ensure security best practices company wide are reflected in Client US and International activities. The Security GRC Senior Analyst will have responsibility for responding and enhancing Client’s external security due diligence process with advertisers, contributing to Pinfosec policies and assisting with the maintenance and administration of the Pinfosec GRC tool (Onspring). They will be an overall advocate for Security Governance, Risk & Compliance across Client.



Skills:



• Day to Day responsibility for responding to and enhancing Client’s external security due diligence process with advertisers

• Assist with the maintenance of key Information Security Policies and standards in conjunction with Policy SMEs

• Maintain routine program metrics to understand program health and increase program adoption and report out on those metrics to key stakeholders

• Ability to provide guidance and support on the use of the GRC platform (Onspring)

• Administer the GRC platform and hold monthly meetings with Security team members to keep security risk register up to date

• Help prepare monthly reports on enterprise security risks for Chief Security Officer and Security Leads utilizing Onspring

• Review and maintain monthly reports on company wide Security awareness training



Preferred Qualifications

• Excellent conceptual, organizational, analytical, and problem-solving skills with the ability to influence the behavior of peers and build relationships with other teams.

• Experience collaborating and influencing with stakeholder and partner organizational leadership and management, including vendors and third parties.

• Bachelor’s degree in Information Security, Computer Science, or related field, or equivalent experience or expertise required.

• Minimum 4 years of cybersecurity experience or related experience in IT, Business or Audit.

• One of the following certifications, or equivalent certifications preferred: CISSP, CISM, GIAC, CISA, CRISC.

• Experience reviewing and interpreting information security data and processes for potential control or framework compliance issues (PCI, NIST, CIS V.8).

• Working knowledge of Governance Risk and Compliance (GRC) tools (ideally Onspring) and automation of risk evaluation, integration with enterprise risk functions, and reporting.

• Experience populating and maintaining a risk register

• Experience and working knowledge of security risk assessment and control frameworks, good understanding of the role and function of regulations, data management practices, and cybersecurity tooling.

• Experience writing Security Policies

• Working knowledge of the role of firewalls, vulnerability management, penetration testing, server and desktop configuration and controls, and encryption, and broad understanding of various security domains.

• Strong sense of ownership and comfortable with autonomy and ambiguity

• Outstanding communication and writing skills that enable you to proactively build relationships, inform others, and clearly explain security requirements to people

• **Only those lawfully authorized to work in the designated country associated with the position will be considered.**

• **Please note that all Position start dates and duration are estimates and may be reduced or lengthened based upon a client’s business needs and requirements.**