Senior Cybersecurity GRC Analyst

The Senior Analyst, Cybersecurity Governance Risk & Compliance is responsible for managing compliance-related client requests to evaluate security policies and procedures. This role involves responding to inquiries regarding the Firm's security controls, policies, processes, and procedures for managed systems and applications. The Senior Analyst also supports Third Party Risk Management and Governance and Risk functions by conducting vendor due diligence, reassessments, ongoing monitoring, and contributing to broader GRC initiatives. Strong communication skills, attention to detail, initiative, and the ability to learn quickly are essential for success in this position. This is a remote position but candidates must live in either: NYC, Washington DC, Atlanta, or Chicago.

Key Responsibilities:

• Compliance and Client Requests:
• Familiarize yourself with the Firm’s IT Risk Management framework, including its policies, standards, procedures, and processes.
• Develop expertise in the Firm’s control structure to create or update standardized responses for client questionnaires (e.g., SIG).
• Prepare and respond to compliance requests, referencing evidentiary artifacts and documentation as needed.
• Coordinate external information security assessments and manage remediation efforts while tracking assessment status.
• Assessment and Reporting:
• Collaborate with external assessors and internal subject matter experts to address compliance inquiries and share security artifacts.
• Support the development of processes for conducting information security control assessments.
• Collect and analyze metrics to measure the effectiveness of security controls and support reporting for the Information Security Program.
• Maintain status tracking for findings from security assessments, GRC activities, and TPRM due diligence assessments, ensuring proper remediation efforts are documented.
• Governance, Risk, and Compliance Development:
• Contribute to the creation and refinement of GRC-related processes, procedures, and documentation.
• Collaborate with the CISO, senior managers, and other stakeholders to report on the status of the Information Security Program and ongoing security projects.
• Participate in initiatives to streamline and enhance GRC solutions, processes, and procedures.
• Work with InfoSec, Privacy, and GRC management to support coordination, tracking, and reporting of team strategies and goals.

Qualifications and Skills:

• Technical Expertise:
• Strong understanding of risk management concepts, frameworks, and standards (e.g., CSC, NIST, ISO, COBIT).
• Experience with the NIST Cybersecurity Framework and auditing security controls from NIST SP800-171 and NIST SP800-53A.
• Familiarity with information security concepts, technologies, and processes.
• Compliance and Audit Knowledge:
• Experience working with internal and external auditing firms.
• Proficiency in analyzing IT and security control requirements and related technology processes.
• In-depth knowledge of due diligence and compliance documents (e.g., SOC II Type II, ISO 27001 Certification, SIG Questionnaires, Certificates of Insurance, Pen Test reports).
• Technical Tools:
• Proficiency in MS Outlook, Word, Excel, Visio, and PowerPoint.
• Soft Skills:
• Excellent communication skills to interact effectively with administrative and legal teams.

Education and Experience:

• Required:
• Bachelor’s degree.
• At least 5 years of combined experience in information technology and information security.