INSPYR Solutions
Sr. Security Analyst
INSPYR Solutions, Fort Worth, TX, United States
Title: Senior Security Analyst
Location: Fort Worth, TX 76109
Duration: Full-time / Permanent
Work Requirements: US Citizen, GC Holders or Authorized to Work in the U.S.

Job Summary

The Sr. Security Analyst plays a critical role within the organization. This role will provide an expert level of consultation to the organization in the area of technology regulatory compliance, managing other control frameworks and legislation such as Sarbanes Oxley, GLBA, SOC, and NIST. This role will interpret changes to regulatory/framework requirements as well as internal changes and identify impacts to systems, projects and the overall business. This role will also be called upon to assist in the general leadership of IT Governance, Risk, and Compliance within the organization, including risk assessments, security impact assessment and control assessment.

Essential Functions

- Acts as a leader and consultant in the execution and planning of assessments, audits, and exams.
- Has a strong understanding of IT Risk Management and operating within an IT GRC function. This role may be required to manage IT risk management, including risk analysis, remediation design, reporting, and identifying and implementing compensating controls.
- Maintains a strong knowledge in the areas relevant to regulatory or framework requirements, standards, and their relationship to applicable systems.
- Consults on the development or modification of software, networks, hardware, and operations to maintain continual regulatory or framework compliance.
- Evaluates and ensures the proper level of documentation for policies, procedures, standards, and operational tracking throughout the organization to meet regulatory or framework requirements.
- Recommends, plans, and sometimes acts as project sponsor to achieve and maintain compliance with relevant security frameworks and standards.
- Performs the corporate Quarterly Access Reviews using an IAM Tool.
- Recommends and evaluates systems enhancements and solutions.
- Acts as a security and risk advocate within the organization, providing expert security advice where needed.

Education and Experience

- Five years of progressive experience in Information Technology, specializing in Governance, Risk, and Compliance (GRC), with a demonstrated track record of leading and executing IT compliance, risk management, and audit initiatives.
- Two years of experience facilitating SOC assessments, Sarbanes-Oxley, GLBA audits, or similar audit engagements ensuring stringent compliance and operational excellence.
- Accomplished in IT risk management, with three years of experience in identifying, assessing, and mitigating risks through comprehensive lifecycle management, evaluations, and strategic consulting.
- Skilled in control monitoring and reporting over three years, with a strong preference for automating validation processes to enhance efficiency and accuracy in compliance operations.
- Proficient in managing and evidencing controls within hybrid cloud environments, including SaaS, PaaS, IaaS, and traditional data centers, ensuring robust security and compliance across diverse platforms.
- Solid understanding of how key risk and control frameworks, including NIST, RMF, COBIT, and ISO, are applied in the development and implementation of comprehensive GRC strategies.
- Extensive knowledge and application of IT governance, risk, and compliance principles, leveraging the latest technologies and practices to drive organizational success.
- Experienced in executing access validation processes, contributing to the integrity and security of information systems.
- Hold appropriate industry-recognized certifications; preference for CISM or CISA. (Consideration will be given to other certifications.)
- Working experience with ServiceNow GRC Module and RSA's Identity Governance & Lifecycle (IG&L) is a plus.
- Bachelor's Degree in Information Technology, Information Assurance, Business Administration, Accounting, or a related field, underpinned by practical experience in the GRC domain. (Optional)

The following breakdown summarizes the types and frequency of activities typically performed by employees in this position. It is not a guarantee of the actual distribution of activities to be performed.

| # | Time % | Category | Details |
|---|--------|----------|---------|
| 1 | 50 | Audit / Assessment liaison and planning | Act as a liaison between assessing organizations and IT/Elevate |
| 2 | 20 | IT Control Assessment, Monitoring, Improvement | Provide assessment, analysis, consultation and all other functions around meeting framework, contractual, regulatory requirements. |
| 3 | 10 | IT Risk Management | Provide oversight, consultation, and administrative support to IT Risk Management processes. |
| 4 | 10 | Access Review Management | Drive coordination, improvements, and consultation for access review and access management. |
| 5 | 10 | Other duties as assigned | |

About INSPYR Solutions

Technology is our focus and quality is our commitment. As a national expert in delivering flexible technology and talent solutions, we strategically align industry and technical expertise with our clients’ business objectives and cultural needs. Our solutions are tailored to each client and include a wide variety of professional services, project, and talent solutions. By always striving for excellence and focusing on the human aspect of our business, we work seamlessly with our talent and clients to match the right solutions to the right opportunities. Learn more about us at inspyrsolutions.com.

INSPYR Solutions provides Equal Employment Opportunities (EEO) to all employees and applicants for employment without regard to race, color, religion, sex, national origin, age, disability, or genetics.
In addition to federal law requirements, INSPYR Solutions complies with applicable state and local laws governing nondiscrimination in employment in every location in which the company has facilities.