Cynet Systems
GRC Security Analyst
Cynet Systems, San Jose, California, United States, 95199
Job Description:
Pay Range $98hr - $103.05hr
Responsibilities:
Support the GRC operating model and the service-oriented customer engagement model. Support GRC capabilities, such as enterprise security risk management, compliance and audit management, policy management, security awareness training, third party risk management, and metrics and reporting. ssist to manage security compliance programs and activities that support various compliance regulations. Perform risk assessments that address security threats, changes to systems and applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business. Collaborate with various operational and business teams to complete assessments and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders and leadership. Monitor the security risk profiles and events of our suppliers to objectively determine high risk suppliers that require additional review and treatment plans. Establish and maintain security metrics and reporting. Respond to customer security/compliance questionnaires. ct as security risk management ambassador to internal customers. Support the development of automation activities. ccountable for:
The use of defined risk methodologies and best practices to perform IT/Security assessments. Responsible for the planning, scoping, tracking, and execution of these assessments. Driving remediation activities from identification, remediation plan and closure. Hold owners accountable to delivery of remediation solution within the agreed upon/reasonable SLA. Operations and improvements of security audit and compliance programs to support various compliance regulations. Operationalization of a metrics and reporting function to continually report on meaningful security, risk and compliance metrics for operational and executive management. Support the automation of KRIs and KPI reporting that align with operational/business risk areas and corporate risk. Qualifications:
Candidates must have 4+ years working in governance, risk and compliance and/or information security and risk management. Candidates must have 2+ years working on 3rd party and supply chain risk assessments. Functional knowledge of the CISSP security domains and information security industry standard and best practices. Functional knowledge of applicable security regulatory requirements (SOX, GDPR). Functional knowledge of ISMS governance models (i.e. ISO 27001, NIST, CAIQ), information security roles, security controls. Functional knowledge of common security certifications (i.e. ISO 27001, SOC1, SOC2, WebTrust) and ability to glean significance from findings identified in these reports. bility to communicate risk methodologies and concepts to business units and IT teams. Demonstrated experience with controls definition, development, implementation and assessment. Strong interpersonal skills and ability to work effectively with diverse and distributed teams. Strong attention to detail, project management and organizational skills. Self-starter with the ability to effectively manage independent workloads asynchronously with stakeholders across multiple time zones.
Pay Range $98hr - $103.05hr
Responsibilities:
Support the GRC operating model and the service-oriented customer engagement model. Support GRC capabilities, such as enterprise security risk management, compliance and audit management, policy management, security awareness training, third party risk management, and metrics and reporting. ssist to manage security compliance programs and activities that support various compliance regulations. Perform risk assessments that address security threats, changes to systems and applications, process improvement initiatives, supplier assessments (including downstream outsourcers) and other requests from the business. Collaborate with various operational and business teams to complete assessments and drive remediation items to closure. Maintain accurate reporting of remediation activities to bring appropriate visibility to stakeholders and leadership. Monitor the security risk profiles and events of our suppliers to objectively determine high risk suppliers that require additional review and treatment plans. Establish and maintain security metrics and reporting. Respond to customer security/compliance questionnaires. ct as security risk management ambassador to internal customers. Support the development of automation activities. ccountable for:
The use of defined risk methodologies and best practices to perform IT/Security assessments. Responsible for the planning, scoping, tracking, and execution of these assessments. Driving remediation activities from identification, remediation plan and closure. Hold owners accountable to delivery of remediation solution within the agreed upon/reasonable SLA. Operations and improvements of security audit and compliance programs to support various compliance regulations. Operationalization of a metrics and reporting function to continually report on meaningful security, risk and compliance metrics for operational and executive management. Support the automation of KRIs and KPI reporting that align with operational/business risk areas and corporate risk. Qualifications:
Candidates must have 4+ years working in governance, risk and compliance and/or information security and risk management. Candidates must have 2+ years working on 3rd party and supply chain risk assessments. Functional knowledge of the CISSP security domains and information security industry standard and best practices. Functional knowledge of applicable security regulatory requirements (SOX, GDPR). Functional knowledge of ISMS governance models (i.e. ISO 27001, NIST, CAIQ), information security roles, security controls. Functional knowledge of common security certifications (i.e. ISO 27001, SOC1, SOC2, WebTrust) and ability to glean significance from findings identified in these reports. bility to communicate risk methodologies and concepts to business units and IT teams. Demonstrated experience with controls definition, development, implementation and assessment. Strong interpersonal skills and ability to work effectively with diverse and distributed teams. Strong attention to detail, project management and organizational skills. Self-starter with the ability to effectively manage independent workloads asynchronously with stakeholders across multiple time zones.