LanceSoft
Information Security Governance Analyst
LanceSoft, Foster City, California, United States, 94420
Job Title: Information Security Governance AnalystLocation: Foster City, CADuration: 6+ MonthsPay rate range: $75.00 - $80.00/hour.
Job Description:
We are seeking an highly skilled Information Security Governance Compliance Analyst who will be responsible for ensuring that the organization adheres to established information security governance, risk management, and compliance GRC frameworks.This role involves conducting internal compliance assessments, risk assessments, and ensuring adherence to policies and standards.The analyst will work closely with various departments to ensure compliance with frameworks such as NIST 800-53, ISO 27001, ISO 21434, and other relevant standards.
In this role you will be engaged in the following areas:Compliance Activities:
Develop and implement security management systems to track objectives and controls.Plan and lead organization-wide security audits to ensure compliance with relevant policies, standards, and frameworks e.g. NIST 800-53, ISO 27001, etc..Coordinate internal and external audits with IT, Product Security, and other departments/teams.Prepare, review, and maintain compliance documentation.
Risk Assessments:
Conduct risk exposure assessments to identify potential threats and vulnerabilities.Perform comparative risk assessments to evaluate different solutions and their impact on security.Prioritize risks based on their potential impact and likelihood, determining security ROI for prioritization considerations.Develop and implement remediation plans for identified risks.
Policy and Standards Management:
Ensure compliance activities align with existing policies, standards, frameworks, and industry regulations.Identify and address shortcomings in platform security and compliance processes.Develop and maintain the control framework, ensuring it is up-to-date and effective.
Collaboration and Communication:
Serve as a liaison between IT and internal auditing teams.Work with various departments to ensure compliance with internal and external requirements.
Qualifications and Experience:
6+ years of experience in conducting security control assessments or audits.6+ years' experience with information security standards and privacy laws e.g., ISO 27001, NIST, GDPR, CCPA, CPRA, etc..
Skills / Knowledge / Abilities:
LLMs Large Language Models, AI artificial intelligence, ML machine learningStrong knowledge of GRC frameworks and tools.Proficiency in risk assessment methodologies and tools.Conceptual understanding of the following technologies:Understanding of security management tools e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc. and perimeter technologies e.g., router, firewalls, web proxies and intrusion prevention, etc..Excellent analytical and critical thinking skills.Strong written and verbal communication skills.Ability to work collaboratively in a dynamic, fast-paced environment.Experience in automotive, aerospace, industrial control systems ICS/SCADA, or high-assurance environments is beneficial, but not required.
Education:
Bachelor's degree in computer science, Information Systems, Business, or a related field, or equivalent relevant experience.
Certifications beneficial:
Professional certifications such as CISA, CISM, CRISC, CISSP.
Job Description:
We are seeking an highly skilled Information Security Governance Compliance Analyst who will be responsible for ensuring that the organization adheres to established information security governance, risk management, and compliance GRC frameworks.This role involves conducting internal compliance assessments, risk assessments, and ensuring adherence to policies and standards.The analyst will work closely with various departments to ensure compliance with frameworks such as NIST 800-53, ISO 27001, ISO 21434, and other relevant standards.
In this role you will be engaged in the following areas:Compliance Activities:
Develop and implement security management systems to track objectives and controls.Plan and lead organization-wide security audits to ensure compliance with relevant policies, standards, and frameworks e.g. NIST 800-53, ISO 27001, etc..Coordinate internal and external audits with IT, Product Security, and other departments/teams.Prepare, review, and maintain compliance documentation.
Risk Assessments:
Conduct risk exposure assessments to identify potential threats and vulnerabilities.Perform comparative risk assessments to evaluate different solutions and their impact on security.Prioritize risks based on their potential impact and likelihood, determining security ROI for prioritization considerations.Develop and implement remediation plans for identified risks.
Policy and Standards Management:
Ensure compliance activities align with existing policies, standards, frameworks, and industry regulations.Identify and address shortcomings in platform security and compliance processes.Develop and maintain the control framework, ensuring it is up-to-date and effective.
Collaboration and Communication:
Serve as a liaison between IT and internal auditing teams.Work with various departments to ensure compliance with internal and external requirements.
Qualifications and Experience:
6+ years of experience in conducting security control assessments or audits.6+ years' experience with information security standards and privacy laws e.g., ISO 27001, NIST, GDPR, CCPA, CPRA, etc..
Skills / Knowledge / Abilities:
LLMs Large Language Models, AI artificial intelligence, ML machine learningStrong knowledge of GRC frameworks and tools.Proficiency in risk assessment methodologies and tools.Conceptual understanding of the following technologies:Understanding of security management tools e.g., vulnerability scanners, file integrity monitoring, configuration monitoring, etc. and perimeter technologies e.g., router, firewalls, web proxies and intrusion prevention, etc..Excellent analytical and critical thinking skills.Strong written and verbal communication skills.Ability to work collaboratively in a dynamic, fast-paced environment.Experience in automotive, aerospace, industrial control systems ICS/SCADA, or high-assurance environments is beneficial, but not required.
Education:
Bachelor's degree in computer science, Information Systems, Business, or a related field, or equivalent relevant experience.
Certifications beneficial:
Professional certifications such as CISA, CISM, CRISC, CISSP.