GRC Security Analyst
GDH

Austin, Texas

Posted in IT


This job has expired.

Job Info



Candidate Description

This position will focus on evaluating the security controls within the enterprise architecture to identify vulnerabilities as part of System Security Plan creation and Authority to Operate processes. Our general assessments measure clients against a subset of the NIST 800-53/800-171 catalog and PCI-DSS catalog of security and privacy controls. The GRC Analyst must have enough IT background to analyze information and prepare reports defining the client's maturity level for each security objective. In addition, the assessor will provide remediation suggestions to address vulnerabilities and improve the overall security of the enterprise architecture. Assignments will require the GRC Analyst to travel 25% of the time; the rest would be remote.

Responsibilities

  • Meet with clients to perform security assessments.

  • Develop and coordinate all associated authorization documentation, including the Systems Categorization, Systems Security Plan, and Security Assessment Report.
  • Review existing SA&A documentation, System Security Plan (SSP), Security Assessment Report (SAR), and other supporting artifacts.
  • Ensure the information system receives and maintains a valid authority to operate (ATO) at all times.

  • Perform analysis through interviews and examination of policy and process documentation.
  • Define the client's maturity levels for specific security objectives.
  • Provide recommendations to improve current maturity levels; this will include cost estimates.
  • Follow basic audit and assessment guidelines as outlined by ISACA.
  • Provide reporting through Word, Excel, and PowerPoint.
  • Deliver products to Technical and Executive levels through remote and onsite presentations.
  • Utilize secure methods of delivery.
  • Meet with clients to understand and define business objectives, requirements, and constraints.
  • Follow basic quality techniques in both processes and services to ensure the organization's quality standards are met.
  • Travel to customer sites as needed. Estimated 25%.
  • Communicate with staff at all levels of a client organization.
  • Train and lead users through implementation of security solutions.

Qualifying Experience and Attributes

  • Minimum of 2 years' experience in performing security assessments.
  • Excellent communication skills, written and verbal.
  • Ability to present to both Technical and Executive levels.
  • Knowledge of Word, Excel, PowerPoint, SharePoint.
  • Experience with GRC related tools like RSA Archer and Tenable.

  • Technical background that will assist in complying with the NIST SP 800-53/800-171 and PCI security controls and gathering evidence to support compliance.

  • Experience in creating process documentation.
  • In-depth understanding and knowledge of NIST 800-53 controls.
  • Customer service orientation.

  • Work effectively as part of a team in a full-time position (M-F, 8AM-5PM, CST).
  • Self-motivated, well organized and able to complete multiple tasks accurately.

  • Experience in working multiple projects at any given time.
  • Professional Certification CISA, CISSP, CBAP, CAP, and/or PMP (highly preferred)
  • Must pass a criminal background check and drug screen

  • US Citizen and must be able to pass background check(s)

