D and H Distributing Co
GRC Analyst
D and H Distributing Co, Harrisburg, Pennsylvania, us, 17124
SUMMARY
D&H Distributing is looking to hire a GRC Security Analyst to assist with managing the Governance, Risk, and Compliance (GRC) program. You will be responsible for developing and ensuring compliance with security policy, carrying out security assessments, and assisting with the development and management of a cybersecurity risk management program. Your experience should include exposure to common cybersecurity frameworks including NIST and ISO 27001. Auditing experience is preferred.
ESSENTIAL DUTIES AND RESPONSIBILITIES
• Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our GRC processes
• Assist with all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS)
• Evaluate the effectiveness of information security controls and performance by developing, monitoring, gathering, and analyzing information security and compliance metrics for management
• Perform third party risk assessments to maintain oversight of third party vendors
• Manage and coordinate client assurance questionnaires, audits and assessments, and calls
• Help support various parts of the company to adopt/maintain a common risk and control framework
• Develop, enhance, operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations
• Perform activities to monitor and assess the security, risk and privacy controls on an ongoing basis. Work closely with the operational departments (Legal, Engineering, Sales, Support, Operations, ...) to develop and monitor policies and standards in compliance with applicable privacy policy & regulations Stay up to date on the latest security and industry trends including their compliance requirements Maintain familiarity with cybersecurity frameworks such as NIST, CIS, and other security technology by attending workshops and reviewing publications Monitor environment for malicious behavior utilizing a variety of security tools and take appropriate remediation Coordinate across organization to ensure mutual success in protecting D&H Monitor changes to the environment to identify if those changes compromise security Investigate security breaches and other cybersecurity incidents with minimal assistance Work with the business units to remediate identified issues with minimal assistance Use the SIEM and analytics tools to monitor logs and understand baseline traffic of the organization Build rules within the SIEM to monitor for new or changed security threats Monitor network traffic for suspicious behavior and, with minimal guidance, determine if traffic is legitimate With minimal assistance, run vulnerability scans across the organization Assist in process improvements to enhance the efficiency of current operational procedures Participate in access control and governance including provisioning/deprovisioning and recertification of accounts Effectively deal with rapid change in a positive manner Participate in all company/location driven communication efforts, including huddles, department meetings, and other related efforts Maintain a positive and professional working relationship with peers, management, support resources, and the community with a constant commitment to teamwork and exemplary customer service to present a professional image of D&H Distributing Perform all other duties as assigned by management in a professional and efficient manner EDUCATION and/or EXPERIENCE
Education
Bachelor's degree in Cybersecurity or similar area of study required or equivalent years of related work experience 3 - 5 years of experience in cybersecurity Industry certifications (CEH, Security+, SANS, CISSP, OSCP, CCNA Security or similar) preferred
Experience
• Experience with system maintenance, monitoring, and alert resolution preferred
• Scripting experience in PowerShell, Python or Perl preferred
• NIST Standards, ISO 27001, and/or PCI DSS
• Security Policy Development
• User Access Reviews (UARs)
• Security and Privacy Impact Assessments (PIAs)
• Exposure to SOC2/SOX/etc.
• Auditing experience (preferred)
• ServiceNow (a plus)
D&H Distributing is looking to hire a GRC Security Analyst to assist with managing the Governance, Risk, and Compliance (GRC) program. You will be responsible for developing and ensuring compliance with security policy, carrying out security assessments, and assisting with the development and management of a cybersecurity risk management program. Your experience should include exposure to common cybersecurity frameworks including NIST and ISO 27001. Auditing experience is preferred.
ESSENTIAL DUTIES AND RESPONSIBILITIES
• Assist with the implementation and operation of Governance Risk and Compliance (GRC) tooling to further improve and automate our GRC processes
• Assist with all ongoing compliance activities related to the implementation, maintenance, monitoring, and continuous improvement of the Information Security Management System (ISMS)
• Evaluate the effectiveness of information security controls and performance by developing, monitoring, gathering, and analyzing information security and compliance metrics for management
• Perform third party risk assessments to maintain oversight of third party vendors
• Manage and coordinate client assurance questionnaires, audits and assessments, and calls
• Help support various parts of the company to adopt/maintain a common risk and control framework
• Develop, enhance, operationalize enterprise-level security, risk and privacy policies, processes and controls to mitigate risk and comply with applicable laws and regulations
• Perform activities to monitor and assess the security, risk and privacy controls on an ongoing basis. Work closely with the operational departments (Legal, Engineering, Sales, Support, Operations, ...) to develop and monitor policies and standards in compliance with applicable privacy policy & regulations Stay up to date on the latest security and industry trends including their compliance requirements Maintain familiarity with cybersecurity frameworks such as NIST, CIS, and other security technology by attending workshops and reviewing publications Monitor environment for malicious behavior utilizing a variety of security tools and take appropriate remediation Coordinate across organization to ensure mutual success in protecting D&H Monitor changes to the environment to identify if those changes compromise security Investigate security breaches and other cybersecurity incidents with minimal assistance Work with the business units to remediate identified issues with minimal assistance Use the SIEM and analytics tools to monitor logs and understand baseline traffic of the organization Build rules within the SIEM to monitor for new or changed security threats Monitor network traffic for suspicious behavior and, with minimal guidance, determine if traffic is legitimate With minimal assistance, run vulnerability scans across the organization Assist in process improvements to enhance the efficiency of current operational procedures Participate in access control and governance including provisioning/deprovisioning and recertification of accounts Effectively deal with rapid change in a positive manner Participate in all company/location driven communication efforts, including huddles, department meetings, and other related efforts Maintain a positive and professional working relationship with peers, management, support resources, and the community with a constant commitment to teamwork and exemplary customer service to present a professional image of D&H Distributing Perform all other duties as assigned by management in a professional and efficient manner EDUCATION and/or EXPERIENCE
Education
Bachelor's degree in Cybersecurity or similar area of study required or equivalent years of related work experience 3 - 5 years of experience in cybersecurity Industry certifications (CEH, Security+, SANS, CISSP, OSCP, CCNA Security or similar) preferred
Experience
• Experience with system maintenance, monitoring, and alert resolution preferred
• Scripting experience in PowerShell, Python or Perl preferred
• NIST Standards, ISO 27001, and/or PCI DSS
• Security Policy Development
• User Access Reviews (UARs)
• Security and Privacy Impact Assessments (PIAs)
• Exposure to SOC2/SOX/etc.
• Auditing experience (preferred)
• ServiceNow (a plus)