NavitsPartners
Security Analyst (GRC Analyst) - SECAN24-14469
NavitsPartners, Boca Raton, Florida, us, 33481
Job Title : Security Analyst - Governance, Risk, and Compliance (GRC) Analyst
Job Family : Security Management
Job Variance : Advanced
Location : Boca Raton, FL, 33434
Duration : 12 months

Job Summary:
The Security Analyst - GRC will be responsible for the management, assessment, and mitigation of risks within the organization's information assurance and cybersecurity program. This role will lead the IT security risk and audit program, ensuring compliance with standards and frameworks such as NIST, ISO, PCI, and ISACA. The successful candidate will be responsible for performing information systems and business process risk assessments, identifying control weaknesses, and implementing mitigation strategies.

Key Responsibilities:
- Conduct PCI, SOC2, ISO, and cybersecurity control reviews to ensure compliance with security policies.
- Plan and assess IT security controls effectiveness, and manage remediation efforts for identified gaps.
- Develop and maintain the IT security risk and compliance matrix, performing management reporting on IT systems controls and business process risks.
- Maintain the Third Party Risk Management Program (TPRM) and analyze SOC-2 and other relevant reporting, mapping to key IT security controls such as NIST, PCI, and COBIT.
- Manage the IT security vulnerabilities management program in alignment with PCI and NIST standards.
- Identify and assess the value, sensitivity, and criticality of operations and assets that may be impacted by threats.
- Estimate potential losses from threats to critical assets and operations and suggest cost-effective mitigation actions.
- Track and verify remediation of audit findings and ensure compliance with audit standards such as ISACA.
- Document results, develop a plan of action, and create milestones to mitigate identified risks.
- Produce formal audit reports based on ISACA Audit Standards and promote compliance with PCI DSS and IT best practices.

Skills & Requirements:
- 7-10 years of IT audit experience (CISA certification preferred).
- 3+ years of experience in the IT risk management lifecycle.
- 3+ years of hands-on technical experience (e.g., developer, system administrator).
- Experience working with the NIST 800-30 Risk Assessment Standard.
- Extensive experience evaluating and designing IT General Controls.
- Advanced skills in business process mapping, documentation, and policy and procedure development.
- Knowledge of current cybersecurity threats and solid understanding of PCI DSS standards.

Education & Certifications:
- Bachelor's degree in Computer Science, Information Systems, Business Administration, or a related field (or equivalent work experience).
- Preferred certifications: CISA and CISSP.