What are the responsibilities and job description for the Security Analyst - functioning as Governance Risk Compliance (GRC) Analyst position at Marga Technologies?
This role is responsible for overseeing the assessment, mitigation, and governance of IT security risks within the transportation agency, ensuring compliance with leading industry standards (NIST, ISO, PCI, ISACA). Key duties include leading the IT security risk and audit program, developing and executing security risk strategies, conducting risk assessments, and evaluating technical, physical, and administrative controls. Additionally, the GRC Analyst will manage third-party risk, coordinate the remediation of audit findings, and oversee the vulnerability management program. Collaboration with Security Operations, IT Operations, and business units will be essential to maintain compliance with security policies and industry standards.
Responsibilities include:
- Performing reviews based on PCI, SOC2, ISO, and Florida cybersecurity controls
- Managing remediation efforts for identified gaps and assessing the effectiveness of newly implemented controls
- Maintaining the IT security risk and compliance matrix and producing management reports
- Maintaining the Third-Party Risk Management Program (TPRM)
- Managing IT security vulnerabilities in line with PCI and NIST standards
- Performing risk evaluations, ranking asset sensitivity, estimating potential loss, and identifying cost-effective mitigation strategies
- Producing formal audit reports based on ISACA Audit Standards
- Promoting compliance with regulatory standards like PCI DSS and IT best practices
Must-have Skills:
- 7-10 years of IT Audit experience (CISA certification preferred)
- 3 years of IT Risk Management lifecycle experience
- 3 years of hands-on technical experience (e.g., developer, system administrator)
- Experience with NIST 800-30 Risk Assessment Standard
- Strong experience with IT General Controls evaluation and design
- Advanced skills in business process mapping and documentation, as well as policy and procedure development
- Up-to-date knowledge of Information Security, including current threats and risk mitigation strategies
- Solid understanding of PCI DSS standards
Location:
- Boca Raton, FL. This is an onsite position.
Background Check:
- A Level 1 background check is required before starting work.
Job Type: Contract
Pay: $80.00 - $90.00 per hour
Expected hours: 40 per week
Benefits:
- 401(k)
- 401(k) matching
Schedule:
- 8-hour shift
Application Question(s):
- Have you produced formal audit reports based on ISACA or similar audit standards?
- Do you have experience managing a Third-Party Risk Management (TPRM) program?
- Have you managed remediation efforts for identified IT security gaps or audit findings?
- Which regulatory and compliance standards have you worked with (e.g., PCI, SOC2, ISO, NIST)?
- Have you developed or updated IT security policies and procedures?
Experience:
- Vulnerability management: 3 years (Required)
- IT auditing: 7 years (Required)
- System administration: 3 years (Required)
- Information security: 3 years (Required)
- PCI DSS compliance: 3 years (Required)
Ability to Relocate:
- Boca Raton, FL: Relocate before starting work (Required)
Work Location: In person
Salary: $80 - $90