Information Security GRC Analyst

Posted about 1 month agoViewed

💎 Seniority level: Middle, 3+ years in information security, risk management, or GRC

📍 Location: United States

💸 Salary: 90000.0 - 105000.0 USD per year

🔍 Industry: Healthcare technology

⏳ Experience: 3+ years in information security, risk management, or GRC

🪄 Skills: AWSProject ManagementCloud ComputingCybersecurityComplianceRisk Management

CISA, Security+, CRISC, or CTPRP certifications in good standing or the ability to obtain within 12 months.
Training in compliance frameworks such as SOC 2, HIPAA, ISO 27001, and FedRAMP.
3+ years of experience in information security, risk management, or GRC.
Familiarity with security frameworks like SOC 2, ISO 27001, or HIPAA.
Experience with compliance management tools and cloud security practices.
Basic understanding of security concepts and GRC tools.
Strong analytical thinking, attention to detail, and problem-solving skills.
Agility to adapt to changing priorities in security compliance.

Conduct risk assessments, maintain the risk registry, and support the development and implementation of security policies and procedures.
Manage the intake and review process for software and vendor security assessments.
Develop and deliver security awareness programs, including phishing simulations.
Address customer security inquiries and maintain the Trust Center.
Track and manage GRC-related tasks, provide project management support for compliance initiatives.
Assist in audits and coordinate evidence collection.
Collaborate with cross-functional teams to integrate security best practices.
Monitor and report on GRC program performance.
Identify process improvements within GRC activities.
Provide ad hoc training sessions on security and compliance topics.