Prestigious Financial Institution is currently seeking a GRC Risk and Compliance Analyst, preferably with Archer experience. The candidate is responsible for monitoring, managing and closing existing compliance issues while also ensuring that internal systems are compliant with security standards. The candidate will be involved in the identification, evaluation and interpretation of regulatory, statutory and member security requirements, control deficiencies and information security risks.
Analyze management and technical controls to ensure that specific security and compliance requirements are met through the verification of documented processes, procedures and standards in order to validate maintenance of secure configurations.
Map internal and regulatory requirements across the information security framework to identify overlapping requirements and compliance efficiencies.
Track FISMA compliance and maintain up-to-date records of requirements and corresponding mitigating controls.
Monitor Third Party Risk Assessments and assist in performing internal risk assessments.
Collaborate on critical IT projects to ensure that security policy/risk issues are addressed throughout the project life cycle.
Monitor the Change Management Process to ensure compliance.
Support development of security policies and procedures and support service-level agreements to ensure that security controls are managed and maintained.
Participate in the development of security and privacy awareness training in conjunction with other members of the Security Compliance Group.
Bachelor's degree in Business with IT audit or compliance experience, or in Computer Science with business and IT audit/compliance experience, desired.
GRC experience (Archer preferred), as well as working knowledge of regulations and/or standards affecting IT security, such as FISMA, NIST, ISO and SOX.
Knowledge of FISMA/NIST information security standards is necessary.
Minimum three years' experience conducting security control assessments and audits.
Minimum two years' experience developing or managing a security awareness program.
CISSP, ISSAP, CISM, CRISC, or CISA preferred.