Senior Security Governance, Risk and Compliance Analyst

Remote Full-time
Job Summary:

The Senior Security Governance, Risk and Compliance Analyst will lead the Information Security Governance, Risk and Compliance (GRC) function. The Senior Security GRC Analyst will provide hands-on experience maturing risk management processes and establishing security & privacy related compliance with appropriate security standards and regulations that include ISO, NIST, PCI-DSS, MPA/TPN, GDPR and other industry-standard frameworks. The role will work collaboratively with various stakeholders to ensure success with all related programs. The Senior Security GRC Analyst will use risk-based methodologies and decision-making to arrive at creative and pragmatic solutions, without relying on pre-defined checklists, is an important component of the role. Ensures the performance of all duties in accordance with the company's policies and procedures, all global laws, and regulations, wherein the company operates.

Duties and Responsibilities:
• Review regulatory requirements, external policies or standards related to Information Security & Data Protection/Privacy, and conduct gap analysis to internal security policies and requirements. Ensure compliance with regulatory compliance and certification programs (e.g., ISO 27001, NIST CSF, PCI-DSS, MPA/TPN, GDPR)
• Establish, implement, and monitor the security certifications program and ensure that it continues scale appropriately with the business
• Ensure compliance with the established key metrics that measure data security standards, the ISO standards/certification and provide evidence of compliance for internal and external audits
• Be a Security and Compliance Champion that promotes and evangelizes awareness of different security and compliance risks and best practices across the company
• Perform risk assessments-including third party vendor/supply chain assessments, and manage associated security risk remediation activities
• Conduct control and risk assessments of technical operating environments and third parties.
• Identify, document, and manage gaps related to security and compliance and other tasks to support ensuring the Company’s underlying data and information security processes, infrastructure and measures are fit for purpose and scaled to deliver an appropriate level of protection
• Collaborate with cross-functional teams to ensure security related controls are documented and managed
• Support the business continuity management (BCM) program, including subject matter expertise input for business impact analysis (BIA), developing and testing business continuity plans (BCP), coordinating with IT on disaster recovery planning and updating/implementing crisis management plans (CMP)
• Coordinate third party audits on security, controls, and security/privacy compliance
• Conduct third party risk assessments and collaborate with external and internal stakeholders to identify critical risks to the organization
• Work with third parties to agreed risk treatment plan and participate in contract review
• Serve as a subject matter expert on internal controls, security, privacy and collaborate with Product Strategy and Development on product enhancements, features and security/privacy capabilities
• Respond to customer security/compliance questionnaires
• Stay current on market developments to identify emerging security technologies, risks, and trends
• Bachelor’s Degree in Information Security, Information Systems, Engineering, or other related field or equivalent experience in a related field
• 10+ years of progressive information security GRC experience
• 5+ years of experience conducting & supporting internal/external formal audits (such as PCI-DSS, SOX, HIPAA)
• Professional security certification such as Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Controls (CRISC), PCI-DSS Internal Security Assessor (ISA)
• A comprehension of security standards and frameworks, rules and regulations, and system trust principals, such as ISO, NIST, OWASP, SANS Top 20, PCI-DSS, GDPR, ITIL, and SOC2
• Previous experience with GRC tools such as KCM, Auditboard
• Thorough understanding of Security Methodologies required
• Ability to effectively communicate and educate others on the need and value-add of security governance, risk and compliance efforts

The starting pay range for this position is $112,100 - $134,500 per year however, base pay offered may vary depending on the level of the position, skills, experience, job-related knowledge, and location.

In addition to a comprehensive package of health benefits that include company contributions, RAVE Aerospace offers a variety of additional benefits and perks to enhance your work-life balance experience including but not limited to:
• Discretionary bonus program
• Future financial security with a 401(k) program with company match
• Paid time off covering vacations, personal time off and sick days, capped off by an exciting year-end holiday shutdown
• Embraced flexibility with our alternative work schedule (9/80) to navigate your workweeks with every other Friday off

Apply tot his job

Apply To this Job
Apply Now →

Similar Jobs

Experienced Registered Behavior Technician for In-Home ABA Therapy - Atlanta, GA

Remote

Immediate Hiring: Experienced Registered Behavioral Technician (RBT) for Clinic-Based ABA Therapy Services

Remote

Experienced Registered Behavioral Technician (RBT) - ABA Therapy for Children with Autism Spectrum Disorder

Remote

Experienced Registered Nurse - Telehealth: Providing Remote Care Coordination and Patient Support

Remote

Experienced Substitute Teacher for Riverside County Schools - Join Scoot Education's Innovative Team

Remote

Experienced Substitute Teacher for San Bernardino County - Flexible Schedules & Competitive Pay

Remote

Experienced School Year Instructional Coach for High-Dosage Tutoring Programs in Edgewater Park, NJ

Remote

Experienced School Year Tutor for K-8 Students in Math and Literacy - Mickleton, NJ

Remote

Experienced Secondary Social Studies Teacher for Kansas - Flexible Hybrid Remote Arrangement

Remote

USPS Office Helper

Remote

COO Fractional

Remote

STEAM Scholars (S2) Teacher

Remote

Experienced Remote Social Media Assistant & Travel Coordinator - Work From Home Opportunity

Remote

Experienced Entry-Level Data Entry Customer Care Representative – Remote Opportunity at careerzynith

Remote

Complete remote role for Splunk Administrator for State Client

Remote

Intake Coordinator, Clinical (M-F 12p-9p PT)

Remote

**Remote Data Entry Specialist – Work From Home Position at arenaflex**

Remote

**Experienced Remote Data Entry Clerk - No Prior Experience Needed: Join Our Dynamic Team at Workwarp and Enjoy Flexible Work Arrangements, Competitive Pay, and Endless Growth Opportunities**

Remote

Executive Assistant

Remote

Junior Front-End Developer (VueJS / TyperScript)

Remote
← Back