Tech Army
Risk Analyst (GRC)
Tech Army, Boca Raton, Florida, us, 33481
This role, titled
GRC Risk Analyst , focuses on leading the IT security risk and audit program at the Florida Turnpike Enterprise. The individual will be responsible for managing and mitigating risks within the organization, assessing compliance with cybersecurity standards, and coordinating remediation efforts for identified vulnerabilities.Key Responsibilities:IT Audit and Risk Management : Perform audits and risk assessments using standards like NIST, ISO, PCI, and ISACA, and ensure compliance with these frameworks.Security Controls Evaluation : Assess the effectiveness of technical, physical, and administrative security controls and manage remediation of identified gaps.Compliance Reviews : Conduct PCI, SOC2, and ISO reviews to ensure the organizations infrastructure adheres to required standards.Risk Management Strategy : Develop and maintain a risk and compliance matrix, and provide strategies for mitigating identified risks.Third-Party Risk Management (TPRM) : Oversee third-party risks and analyze SOC-2 reporting to ensure compliance with security frameworks like NIST and PCI.Vulnerability Management : Manage IT security vulnerabilities in line with PCI and NIST standards and coordinate remediation efforts.Critical Asset Protection : Identify sensitive operations and assets, estimate potential losses from threats, and recommend cost-effective mitigation strategies.Audit Reporting : Document and report audit findings, coordinate remediation, and ensure compliance with ISACA audit standards.Required Skills & Experience:7-10 years
of IT audit experience (CISA certification preferred).3 years
of experience managing IT risk throughout its lifecycle.3 years
of hands-on experience in technical roles (e.g., developer or system administrator).Strong knowledge of
NIST 800-30
for risk assessments.Advanced skills in
business process mapping , documentation, and policy development.Recent experience in
information security
with knowledge of the current threat landscape.Solid understanding of
PCI DSS
standards.Education and Certifications:Bachelor's degree in Computer Science, Information Systems, Business Administration, or related field, or equivalent work experience.Preferred certifications:
CISA
(Certified Information Systems Auditor) and
CISSP
(Certified Information Systems Security Professional).
GRC Risk Analyst , focuses on leading the IT security risk and audit program at the Florida Turnpike Enterprise. The individual will be responsible for managing and mitigating risks within the organization, assessing compliance with cybersecurity standards, and coordinating remediation efforts for identified vulnerabilities.Key Responsibilities:IT Audit and Risk Management : Perform audits and risk assessments using standards like NIST, ISO, PCI, and ISACA, and ensure compliance with these frameworks.Security Controls Evaluation : Assess the effectiveness of technical, physical, and administrative security controls and manage remediation of identified gaps.Compliance Reviews : Conduct PCI, SOC2, and ISO reviews to ensure the organizations infrastructure adheres to required standards.Risk Management Strategy : Develop and maintain a risk and compliance matrix, and provide strategies for mitigating identified risks.Third-Party Risk Management (TPRM) : Oversee third-party risks and analyze SOC-2 reporting to ensure compliance with security frameworks like NIST and PCI.Vulnerability Management : Manage IT security vulnerabilities in line with PCI and NIST standards and coordinate remediation efforts.Critical Asset Protection : Identify sensitive operations and assets, estimate potential losses from threats, and recommend cost-effective mitigation strategies.Audit Reporting : Document and report audit findings, coordinate remediation, and ensure compliance with ISACA audit standards.Required Skills & Experience:7-10 years
of IT audit experience (CISA certification preferred).3 years
of experience managing IT risk throughout its lifecycle.3 years
of hands-on experience in technical roles (e.g., developer or system administrator).Strong knowledge of
NIST 800-30
for risk assessments.Advanced skills in
business process mapping , documentation, and policy development.Recent experience in
information security
with knowledge of the current threat landscape.Solid understanding of
PCI DSS
standards.Education and Certifications:Bachelor's degree in Computer Science, Information Systems, Business Administration, or related field, or equivalent work experience.Preferred certifications:
CISA
(Certified Information Systems Auditor) and
CISSP
(Certified Information Systems Security Professional).