What are the responsibilities and job description for the Principal Cybersecurity Analyst, GRC position at LABUR?
Summary
Our client is looking for a Principal Analyst in Cybersecurity Governance, Risk, and Compliance (GRC) to join their team. This role will report directly to the Chief Information Security Officer (CISO) and will focus on strengthening the organization’s security posture while promoting a transparent, risk-aware culture. Comprehensive benefits package includes: highly competitive base salary plus bonus program, health insurance plan, 401(k), generous PTO policy and hybrid-remote work environment.
Responsibilities
- Collaborate with the CISO to develop a service-oriented operating model that supports all GRC services, including data privacy compliance.
- Implement and manage key GRC capabilities, such as policy and exception management, third-party risk management, security reviews and audits, enterprise risk management, compliance management, and international data privacy compliance.
- Maintain the cybersecurity risk register and track associated risks.
- Establish security metrics and reporting across all GRC services.
- Perform risk assessments related to security threats, system changes, application updates, and process improvement initiatives.
- Monitor the security risk profiles of suppliers and identify high-risk suppliers requiring additional review.
- Respond to customer security/compliance questionnaires.
- Work alongside the Enterprise Risk Management and Compliance teams to align with corporate strategies and objectives.
- Ensure adherence to HIPAA, GDPR, PCI, and other relevant global regulations.
- Oversee the configuration and management of data privacy and protection tools to ensure compliance with global regulations and the safeguarding of sensitive corporate data, including intellectual property.
- Collaborate with the Ethics & Compliance Data Privacy team to support employee education on data handling protocols and the protection of sensitive health-related information and corporate assets.
- Stay up-to-date on evolving privacy legislation, regulations, and industry dynamics, assessing their impact on the company’s programs, policies, and training needs.
Qualifications
- 7 years of experience in cybersecurity, with at least 5 years focused on cybersecurity governance, risk, and compliance.
- Proven success in promoting and collaborating on risk and compliance policies across IT and business units.
- Excellent written and verbal communication skills, with the ability to effectively communicate risks to executive leadership and key stakeholders.
- Strong understanding of cybersecurity frameworks (e.g., ISO 27001) and experience leading their implementation while demonstrating their value.
- Expertise in cybersecurity risk management and control principles, with a proven ability to identify risks and take appropriate mitigating actions.
- Strong organizational and project management skills, with the ability to manage multiple tasks, align stakeholder expectations, and deliver results with professionalism, motivation, and integrity.
- Ability to define and guide the strategic direction of the Cybersecurity GRC function.
- Familiarity with industry standards and regulations, including NIST, SOX, PCI, ISO, GDPR, CCPA, HITRUST, GxP, and others.
- Bachelor’s or Master’s degree in a relevant field, or equivalent combination of education and experience.