Senior GRC Analyst

Business Wire
Summary
Join Business Wire, a global leader in press release distribution, as a Senior Governance, Risk, and Compliance (GRC) Analyst. You will perform cybersecurity governance functions, including developing and maintaining policies, standards, and procedures for cybersecurity controls. Assess the effectiveness of security controls, ensure compliance with relevant frameworks, and streamline risk management processes. Collaborate with business, IT, and security teams to coordinate document development and review. This role requires a strong understanding of cybersecurity risk management and regulatory compliance, along with hands-on experience in relevant tools. The ideal candidate will have a Bachelor’s degree and 5+ years of experience in IT or Information Security, with at least 3 years in authoring security policies. Business Wire offers a competitive salary, remote work options, excellent health benefits, and a comprehensive benefits package.
Requirements
- Bachelor’s degree in Information Security, Information Technology, Information Systems Management, Computer Science, Engineering, or related field(s)
- 5+ years of experience in Information Technology or Information Security, with over 3 years of experience authoring security policies, standards, and procedures
- A strong understanding of cybersecurity controls, risk mitigation strategies, and their application for data protection and privacy compliance
- Must possess solid working knowledge of/experience in:
  - Identity and access management and governance concepts and technologies, such as Microsoft Entra, Active Directory, PAM, etc.
  - Vulnerability management platforms such as Rapid7
  - IT asset management, Configuration Management Databases (CMDB), and network asset discovery tools
  - Control frameworks and objectives (e.g., NIST CSF, NIST RMF, PCI-DSS, SOX, SOC 2, GDPR, CCPA, etc.)
  - Operating systems, databases, and middleware components
  - Conducting compliance and risk assessments
  - Management of IT and security projects
  - Office 365 tools (Word, Excel, SharePoint, OneDrive, Teams, and PowerPoint)
- Self-motivated and results-oriented, including the ability to prioritize conflicting assignments
- Exceptional organizational skills to balance work and lead projects
- Strong verbal and written skills
- Ability to collaborate and build consensus and strong relationships with various internal and external stakeholders (business, development, security, auditors, legal, etc.)
- Ability to adapt and apply information to new scenarios and technologies
Responsibilities
- Review the existing documents to identify and prioritize the requirements for revisions
- Create new security policies, standards, and responsibility models to clearly outline the organization's security practices and responsibilities
- Evaluate, implement, and administer the Enterprise Policy Management tool to automate the cybersecurity policy and standard management process
- Establish and monitor the policy/standards attestation process by all stakeholders
- Establish and monitor the policy/standards exception process
- Establish and manage a Cybersecurity Awareness Training program
- Facilitate document development/revision through meetings and workshops with SMEs and obtain consensus from their leadership
- Develop questionnaires to assess the compliance of existing cybersecurity policies and standards and identify gaps in the organization’s Cybersecurity Risk Register
- Manage cybersecurity controls and framework implementation, as well as ongoing maintenance
- Develop and maintain an inventory of cybersecurity controls mapped to industry standards (e.g., NIST, SOC2, ISO 27001, CIS) and regulatory requirements (e.g., GDPR, CCPA, and SOX)
Preferred Qualifications
Security and compliance certifications, such as CISSP, CISA, CISM, CGEIT, or CRISC, are preferred
Benefits
- Ability to work remotely
- Excellent health benefits that begin on your first day of employment
- $100 monthly fitness allotment, a tuition reimbursement program, and enhanced mental health resources
- 401(k) plan with generous company match, and annual profit sharing contribution (subject to company performance)
- PTO, Floating Holidays, Wellness Day Off, Birthday Day Off, and more!

