Senior Analyst, Cybersecurity Governance, Risk & Compliance

Senior Analyst, Cybersecurity Governance, Risk & Compliance

The Senior Analyst, Cybersecurity Governance, Risk & Compliance (GRC) is responsible for managing compliance-related client requests, ensuring the assessment of security policies and procedures. This role involves responding to inquiries on the Firm's security controls, policies, and processes, supporting Third Party Risk Management (TPRM), and contributing to broader Governance, Risk, and Compliance (GRC) initiatives. The position demands strong communication skills, a proactive mindset, attention to detail, and the ability to quickly adapt and learn.

The company is located in Washington D.C. and will be a hybrid model.

What You Will Be Doing:

• Understand the Firm's IT Risk Management (ITRM) program framework, including policies, standards, procedures, and processes.
• Gain familiarity with the Firm's controls framework to create or revise standard responses for client questionnaires (e.g., SIG).
• Prepare and respond to compliance requests and document-sharing inquiries, including providing evidence and supporting artifacts.
• Oversee external information security assessments, remediation efforts, and track the status of assessment queues.
• Coordinate with external assessors and internal subject matter experts to address compliance inquiries and share security documentation.
• Assist in defining and refining processes for conducting information security control assessments.
• Support the collection and analysis of metrics to report on the effectiveness of the Information Security Program's controls.
• Track and manage findings from security assessments, GRC activities, TPRM due diligence, reassessments, and remediation efforts.
• Contribute to the development of GRC processes, procedures, and supporting documentation.
• Collaborate with the CISO, senior leadership, and other stakeholders to report on the status of the Information Security Program and ongoing security projects.
• Effectively manage competing deadlines and external inquiries through strong organizational skills and attention to detail.
• Participate in efforts to streamline and enhance GRC solutions, processes, and workflows.
• Work with InfoSec, Privacy, and GRC leadership to coordinate, track, and report on team strategies and goals.
• Perform additional tasks as assigned.

Required Skills & Experience:

• Solid understanding of multiple risk management frameworks and standards (e.g., CSC, NIST, ISO, COBIT).
• Proven experience with the NIST Cybersecurity Framework and auditing security controls (NIST SP800-171, NIST SP800-53A).
• Experience working with internal and external audit teams.
• Strong knowledge of information security concepts, technologies, and best practices.
• Proficiency with MS Office tools, including Outlook, Word, Excel, Visio, and PowerPoint.
• Excellent communication skills with the ability to collaborate across various departments, including administrative and legal teams.
• Experience analyzing IT and security control requirements, with an understanding of related technology processes.
• Familiarity with due diligence and compliance documentation (e.g., SOC 2 Type II, ISO 27001 certifications, SIG questionnaires, certificates of insurance, penetration test reports).

• Bachelor's degree (required).
• A minimum of 5 years of combined experience in information technology and information security.

Applicants must be currently authorized to work in the United States on a full-time basis now and in the future.
This position doesn't provide sponsorship.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.