Entry Level GRC Analyst
Hotman Group (HG) has an opportunity for a full-time, remote, Entry-Level IT/ Security GRC Analyst. This position requires 0-2 years of experience in a similar role or function and starts as contract-to-hire. Top-tier workers will be converted to permanent within 6 months.
The IT/ Security Governance, Risk, and Compliance (GRC) Analyst will be supporting cybersecurity, compliance, risk, and GRC program initiatives for our clients. This person will work closely with the team and our senior partners to provide client and backend support for security/ IT controls, assessments, analysis, risk, audits, GRC tools, policies, processes, industry frameworks, and privacy, to name just a few.
Responsibilities
Assess, evaluate, and make recommendations regarding the adequacy of the security/ IT controls for the client's environment and business objectives
Develop policies, procedures, and processes based on audit findings and/ or compliance framework requirements
Crosswalk controls across multiple security compliance frameworks and regulations to foster adoption and identify gaps
Advise and develop security standards, guidelines, and controls based on best practices and compliance frameworks
Translate security analyses, audit results, and compliance guidance into plain English that is understandable and actionable
Analyze and suggest improvements for security/ IT controls in both design and operation effectiveness
Develop risk registers, ideally aligned to controls, and execute basic risk assessment and management practices
Perform assessments (risk and/or compliance) to develop a baseline for creating or expanding a security program
Develop plans and tracking for non-compliance with applicable controls, and monitor remediation progress against agreed-upon timelines
Work with various client GRC tools
Perform data analysis and manipulation as needed to analyze a problem and create a solution for our clients
Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention)
Perform other duties for Hotman Group or as assigned to best serve our clients in their security, risk, compliance, or GRC programs
Knowledge, Skills, and Abilities
Ability to manage and execute numerous parallel activities in a fast-paced, dynamic team environment
Strong organizational skills with ability to manage multiple tasks and projects, demonstrated prioritization and decision-making skills to not miss deadlines or drop assignments
Strong written and verbal skills, including a demonstrated ability to translate complex or technical information into concepts that are easily understood and actionable
Familiarity and knowledge of fundamental security/ IT concepts (e.g., retention, data classification, change management, access control, asset management, third party risk)
Demonstrated critical thinking skills, but also able to follow instructions to meet the team’s overall objective
Technical aptitude to be able to learn new technologies quickly with little instruction
Strong attention to detail and high commitment to quality
Good attitude and courtesy to work with a smaller, fast-paced team
Efficient and always looking for ways to gain efficiency and maximize time spent
Able to operate with a high degree of independence executing with excellent follow-through for assigned tasks, but also knowing when to stop, ask questions, and seek input from the team or management
Passionate about cybersecurity, risk, compliance, and GRC to make companies more secure and healthy in protecting their data
Not afraid to roll your sleeves up, learn what’s needed to learn, get done what needs to get done
Reliability, discretion, and confidentiality
Requirements
Bachelor's or Graduate degree in cybersecurity, information systems, or a related field
0-2 years of relevant experience in cybersecurity, audit, risk, compliance, or GRC (Governance, Risk, and Compliance) is preferred
Basic understanding of common security and privacy frameworks and regulations (e.g., ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS)
Familiarity with risk management practices and a willingness to learn and apply risk-based thinking for prioritization
Exposure to responding to, analyzing, and communicating security and information technology-related practices and controls is a plus
Interest in obtaining security or risk management certifications, with a willingness to pursue them
Technical skills: Proficiency in using basic office tools such as Excel, Word, PowerPoint; ability to learn and adapt quickly to new technologies in a general sense
Basic understanding of audit processes and requirements is desirable
Candidates must be located in the USA and have permanent authorization to work in the USA for any employer
Clear background check is required
Strong internet connection and access to a secure working area
No phone calls please.
About Hotman Group, LLC
Hotman Group is a rapidly growing boutique firm with a deep commitment to quality and execution for our clients. We help business leaders with integrity gain the trust of their customers by providing comprehensive cybersecurity & GRC services.
We offer cybersecurity strategy and program development; fully managed programs including execution, implementation, maturation, and remediation; and everything in between with one-time projects like policies, audits, questionnaires, risk assessments, incident response plans, testing, third party vendors, and other cybersecurity or compliance challenges. We support all the top security compliance frameworks, e.g. SOC 2, NIST CSF, ISO 27001, HITRUST to name just a few.
Our Culture
We pride ourselves on leaving the Corporate culture behind and creating a collaborative environment where everyone can thrive and grow, be excited to fully show up to work every day, and have a lot of fun in the process of solving complex problems and creating amazing results for our clients!
Job Types: Full-time, Contract
Schedule:
8 hour shift
Monday to Friday
Work Location: Remote