JobServe
 

Chicago, Illinois - $120-140K + Bonus - Full Time
Posted by: Request Technology
Posted: Thursday, 13 June 2024
 
 
Applicants must be eligible to work in the specified location

*We are unable to sponsor as this is a permanent Full time role*

*Hybrid 3 days onsite 2 days remote*

A prestigious company is looking for an IT Security GRC Specialist. This specialist will be the SME for information security GRC and will perform key risk management functions within the security governance department. They will handle third-party vendor risk management and internal risk management. Experience with the ISO 27001, NIST, SOC, and SIG frameworks is required.

Responsibilities:

  • Management of process improvement, control maturity, and communication of risk throughout assigned GRC service activities. Level II responsibilities include incorporating ISO 27001 principles for continuous improvement throughout all services and support activities.
  • Respond to security assessments, questionnaires and audits from clients and third-party business partners in a timely manner. Document and perform assessments as needed. This service also provides contract review for security requirements.
  • Technical writing for policies, standards and communications. Lead in the creation and maintenance of security policies, standards, processes, guidelines and support documentation.
  • Lead, evaluate, and support the processes necessary to assure that Information Technology (IT) systems meet the organization's cybersecurity and risk requirements. Conduct evaluations of an IT program or its individual components to determine compliance with published standards. Exception management: processing and tracking requests for exceptions to security controls.
  • Ensure appropriate treatment of risk, compliance, and assurance from internal and external perspectives.
  • Serve as a subject matter expert for Information Security consulting to technical/non-technical management and staff.
  • Ensure security awareness training is aligned, defined, and executed. Evaluate cyber training/education courses and methods based on instructional needs.
  • Administration of the GRC technology platforms.

Qualifications

  • Bachelor's degree or five (5) years of work experience in IT Security is required.
  • Four (4) years of Information Security experience required. Candidates with hands-on technical experience are preferred.
  • Strong knowledge of security frameworks and technologies such as ISO 27001, NIST, SOC, SIG is required.
  • Technical writing experience is required. Experience with instructional content and educational writing is strongly preferred.
  • Strong knowledge of risk management principles and practices is required.
  • Strong knowledge of security administration and role-based security controls is required.
  • Three or more years of experience managing timelines and being self-directed preferred.
  • Governance, Risk, and Compliance (GRC) tool management (Administrative and/or Engineering) is preferred.
  • Interview, gather, and understand content from subject-matter experts.
  • Maintain accurate records and manage client security and risk requests.
  • Ability to perform as primary Security Subject Matter Expert (SME).
  • Ability to facilitate and lead project and vendor risk assessments with relative independence and provide guidance on secure design and operation.
  • Ability to independently complete and assist in completing client security questionnaires and security assessments concerning the Firm's security program and controls.
  • Demonstrate the ability to create and maintain security policy, standard, guideline, and procedure documents.
  • Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.

Chicago, Illinois, United States of America
IT
$120-140K + Bonus
Request Technology
Dillon Grooss 
JSIT SECURITY GRC SPECIALIST
6/13/2024 2:15:55 PM
