GRC Analyst
Btechnical Group LLC - Frisco, Texas, United States, 75034
Position Summary
Our client is the premier sports entertainment organization based in the DFW. We are
looking for a Governance, Risk and Compliance (GRC) Security Analyst to join our
cybersecurity team. Our cybersecurity team focuses on managing cybersecurity
functions across the organization, working to ensure the protection of our critical assets
and data. As a GRC security analyst, you will be a valued member of a fast-paced,
innovative, and collaborative cybersecurity team.
The GRC security analyst position is responsible for enabling the organization to comply with industry and regulatory requirements and standards for cybersecurity. As a GRC analyst you will play a vital role in ensuring the confidentiality, integrity, and availability of our organization's information assets. You will be responsible for identifying, assessing, and managing information security risks, as well as implementing and maintaining governance frameworks to support the organization's cybersecurity objectives. The GRC security analyst is expected to support and maintain the cyber risk management strategy for the organization.
Working with security leadership, the GRC security analyst will routinely assess and
validate the assurance of the security program. As a primary point of contact for internal
and external auditors, the GRC security analyst will monitor progress and support
resolution of outstanding issues that may lead to non-compliance or security threats to
the business. As a key member of the security team, the GRC security analyst will focus
on strong risk management and corporate resiliency.
Essential Job Duties
- Conduct enterprise-wide, ongoing risk analysis in coordination with compliance and security.
- Maintain oversight in a GRC-related platform.
- Identify and address weaknesses in the security program as they relate to privacy, cyber risk, business resiliency and compliance frameworks.
- Document, formulate and enforce areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation.
- Support oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities. Escalate to security management and business unit leads when points of weakness are discovered.
- Analyze and document findings, and recommend and report program gaps to security leadership.
- Monitor current and proposed security changes impacting regulatory, privacy and security industry best practice guidance. Apply GRC expertise across key lines of business, including products, practices and procedures.
- Define qualitative and quantitative metrics to assess the success of the security program and provide regular reports to security and business leadership.
- Ensure security and technology teams maintain up-to-date configuration documentation for systems and processes.
- Attend and fully engage in change and project management meetings.
- Liaise with auditors, both internal and external, to maintain and implement controls for compliance and privacy laws.
- Develop and implement risk mitigation strategies and controls to address identified risks and ensure compliance with security standards and regulations.
- Establish and maintain information security governance frameworks, policies, and procedures to guide the organization in managing and protecting sensitive information.
- Act as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws.
- Perform other duties as assigned.
Skills and Experience
- 7+ years of experience in cybersecurity, with extensive expertise in Governance, Risk, and Compliance (GRC) and deep knowledge of risk management principles.
- Strong business acumen and security technology skills for well-rounded proficiency, as well as proven ability to align with security practices and compliance responsibilities.
- Experience and understanding of various cybersecurity standards, including but not limited to ISO 27001 and NIST.
- Exceptional written and verbal communication skills, and proven ability to translate security and risk to all levels of the business.
- Ability to work independently and collaboratively in a fast-paced environment.
- Attention to detail and a strong commitment to maintaining the confidentiality and integrity of information assets.
Additional Qualifications
- Prior experience with leading GRC systems from vendors such as RSA, MetricStream and Riskonnect.
- Demonstrated problem-solving capabilities, and ability to manage complex local and international security requirements.
- Self-motivated, directed and well-organized, with the vision to position controls in anticipation of threats.
- Successful track record of managing external entities' contracts and relationships, and mitigating risks to business development opportunities.
- Familiarity with state, federal and international privacy laws.
Education Requirements
Bachelor's degree in computer science, information assurance, MIS or a related field, or equivalent industry experience.
Certification Requirements
Holds or is working toward one or more of the following: CISSP, CRISC, CGEIT or GRCP.