What are the responsibilities and job description for the GRC Policy Analyst - Candidates Local to Massachusetts Only position at M & R Consultants Corporation?
Job Details
Summary
The Senior IT Policy Analyst works to provide IT policies aligned with NIST security controls.
This position will helm all policy work including tracking and updating current policies, managing policy exceptions, and providing metrics and reporting on policy work.
This position will also manage the cybersecurity awareness training program, which includes annual training, phishing training, and specialty training for specific groups.
- Oversee and manage all policies including revisions
- Develop and manage the policy exception process including metrics and reporting
- Coordinate with key stakeholders on policies and standards
- Research and evaluate policies to ensure they are current and follow all applicable laws, regulations, and guidelines
- Identify and implement GRC security controls based on the NIST framework
- Manage the cybersecurity awareness program including annual training, phishing training, and special group training
- Collaborate within the GRC team on larger GRC projects around risk analysis and compliance requirements
- 3-to-5 years' experience working with the NIST Cybersecurity Framework, and familiarity with NIST 800-53 Rev. 5
- 3-to-5 years' experience managing a policy program including updating current policies, tracking exceptions, and developing and reporting out metrics
- 3-to-5 years' experience working with security content platforms and developing curricula for cybersecurity training
Education
Years of Experience
5 years