What are the responsibilities and job description for the Governance, Risk and Compliance (GRC) Sr Analyst position at JDCTek?
The GRC Sr Analyst's core responsibility is the continuous defense of JDCTek systems and networks against internal and external threats. This covers Governance, Risk, and Compliance functions such as business impact analysis (BIA), third-party risk management, risk assessments, business continuity/disaster recovery planning (BC/DR), disclosing security breaches, and training/educating the organization on information security policies and best practices. We are currently working towards FTC Safeguards compliance, with NIST 800-171 to follow, and are providing clients with the same. The applicant will work with the business owner and clients on their compliance journey.
Functions and responsibilities
· Leads technology governance, risk and compliance initiatives as a key member of the JDCTek Cyber team.
· Mentors junior team members and provides guidance and support in meeting their objectives.
· Continues to improve the Third-Party Risk Management (TPRM) program and processes.
· Engages with business partners in meaningful discussions on threats, compensating controls, policies and risk.
· Coordinates with IT operations and business stakeholders to maintain and/or establish an effective disaster recovery and business continuity plan.
· Works with the CISO, HR, and business stakeholders to educate and empower employees in protecting their company landscape.
· Develops, refines, and implements security policies, procedures, and standards to meet compliance responsibilities.
· Provides privacy guidance on security projects that hold personally identifiable information (PII).
· Ensures security compliance with legal and regulatory standards.
· Prepares reports for management on compliance status.
· Provides information assurance and subject matter expertise as required in support of panels, committees, and working groups.
· Performs threat analysis, security audits, and risk assessments.
· Helps define, monitor, and report on cyber security practices, controls, and KPIs.
· Assists in reviewing and providing feedback on new or changing corporate security policies and processes.
· Carries out other duties assigned by management as required.
Education
· Bachelor's degree or higher in Computer Science, Information Systems, or equivalent experience.
Experience
· 5-10 years of experience in information security risk and compliance program management required.
· Leadership or management experience is a strong advantage.
Technical skills
· Hands-on experience implementing security and risk frameworks such as NIST and ISO 27001.
· Strong knowledge of data protection / privacy requirements.
· One or more certifications in the field of cybersecurity preferred, including: CISSP, CISM, CISA, CIPP/US, CRISC, CDPSE, CGEIT.
· Strong understanding of applicable information security management, governance, and compliance principles, practices, laws, rules, and regulations, including NIST CSF, ISO 27001/27002, GDPR, CMMC, and CIS.
Salary: $80,000 - $100,000