Sr. Information Security Governance, Risk and Compliance Analyst (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Sr. Information Security Governance, Risk and Compliance Analyst (Cybersecurity): Strengthening information security governance by leading risk management, compliance, and assurance initiatives across the enterprise with an accent on NIST frameworks and SOC 2 audits. Focus on developing System Security Plans (SSPs), managing control frameworks, and automating GRC processes using AI-enabled tools.
Location: Remote (USA). Must be able to work Eastern Time Zone business hours and attend a final round interview on-site in Chattanooga, TN. Sponsorship is not available.
Company
A leading health insurance provider in Tennessee focused on protecting organizational assets through robust security governance.
What you will do
- Lead SOC 2 audit support, including evidence collection, control validation, and auditor engagement.
- Develop and maintain NIST-based System Security Plans (SSPs), including control implementations and system boundaries.
- Perform enterprise and third-party risk assessments, maintain risk registers, and monitor remediation.
- Manage the full lifecycle of security policies, standards, and governance documentation to ensure audit readiness.
- Design and manage security awareness programs, including phishing simulations and targeted campaigns.
- Support customer security assurance by responding to RFPs and security questionnaires.
Requirements
- Bachelor's degree in a relevant field or equivalent of four years of experience.
- 5+ years of professional experience in Information Security, with at least 2 years specifically in GRC functions.
- Must be authorized to work in the US without sponsorship.
- Ability to work Eastern Time Zone business hours.
- Strong technical writing skills and ability to translate complex security requirements into actionable documentation.
- Ability to interpret and apply regulatory requirements such as NIST, SOC 2, and HIPAA.
Nice to have
- Professional certifications such as CISSP, CRISC, CISA, or CISM.
- Experience leveraging AI-enabled tools to automate and enhance GRC processes.
Culture & Benefits
- Remote, work-from-home position.
- Collaborative environment focusing on shared accountability across all GRC areas.
- Participation in an on-call rotation approximately two weeks every 30 weeks.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →