Назад
Company hidden
18 часов назад

Sr. Information Security Governance, Risk and Compliance Analyst (Cybersecurity)

Формат работы
remote (только USA)
Тип работы
fulltime
Грейд
senior
Английский
b2
Страна
US
Вакансия из списка Hirify.GlobalВакансия из Hirify Global, списка международных tech-компаний
Для мэтча и отклика нужен Plus

Мэтч & Сопровод

Для мэтча с этой вакансией нужен Plus

Описание вакансии

Текст:
/

TL;DR

Sr. Information Security Governance, Risk and Compliance Analyst (Cybersecurity): Strengthening information security governance by leading risk management, compliance, and assurance initiatives across the enterprise with an accent on NIST frameworks and SOC 2 audits. Focus on developing System Security Plans (SSPs), managing control frameworks, and automating GRC processes using AI-enabled tools.

Location: Remote (USA). Must be able to work Eastern Time Zone business hours and attend a final round interview on-site in Chattanooga, TN. Sponsorship is not available.

Company

A leading health insurance provider in Tennessee focused on protecting organizational assets through robust security governance.

What you will do

  • Lead SOC 2 audit support, including evidence collection, control validation, and auditor engagement.
  • Develop and maintain NIST-based System Security Plans (SSPs), including control implementations and system boundaries.
  • Perform enterprise and third-party risk assessments, maintain risk registers, and monitor remediation.
  • Manage the full lifecycle of security policies, standards, and governance documentation to ensure audit readiness.
  • Design and manage security awareness programs, including phishing simulations and targeted campaigns.
  • Support customer security assurance by responding to RFPs and security questionnaires.

Requirements

  • Bachelor's degree in a relevant field or equivalent of four years of experience.
  • 5+ years of professional experience in Information Security, with at least 2 years specifically in GRC functions.
  • Must be authorized to work in the US without sponsorship.
  • Ability to work Eastern Time Zone business hours.
  • Strong technical writing skills and ability to translate complex security requirements into actionable documentation.
  • Ability to interpret and apply regulatory requirements such as NIST, SOC 2, and HIPAA.

Nice to have

  • Professional certifications such as CISSP, CRISC, CISA, or CISM.
  • Experience leveraging AI-enabled tools to automate and enhance GRC processes.

Culture & Benefits

  • Remote, work-from-home position.
  • Collaborative environment focusing on shared accountability across all GRC areas.
  • Participation in an on-call rotation approximately two weeks every 30 weeks.

Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →