Senior GRC Analyst (Cybersecurity)
Мэтч & Сопровод
Для мэтча с этой вакансией нужен Plus
Описание вакансии
TL;DR
Senior GRC Analyst (Cybersecurity): Ensuring compliance with contractual and regulatory requirements and assessing control design against common standards with an accent on cyber, contract, and regulatory compliance risk management. Focus on performing third-party risk assessments, monitoring the global legal landscape, and driving operational efficiency through automation and GenAI.
Location: Hybrid (Overland Park, KS or Cary, NC, US)
Company
is a 100% employee-owned global leader in sustainable infrastructure, engineering, procurement, consulting, and construction.
What you will do
- Review client contract provisions related to data security, breach reporting, and cyber resilience to measure compliance.
- Support independent certifications and audits by collecting documentation and evidence from peer groups and lines of business.
- Monitor the global regulatory and legal landscape to ensure alignment of policies with contractual and legal requirements.
- Collaborate with D&IT groups to collect KPIs and KRIs and implement automation to drive efficiency.
- Conduct third-party risk assessments and communicate vendor engagement risks to business owners.
- Develop user training aligned with the current cyber threat landscape and establish performance metrics.
Requirements
- Bachelor’s degree in Information Systems, Information Security, or a related field.
- 7–10 years of experience in GRC executing or auditing against standards, frameworks, and industry regulations.
- Proficiency in risk assessment methodologies and familiarity with NIST CSF, ISO 27001, and AICPA SOC.
- Solid understanding of information security principles, cyber laws, and privacy regulations.
- Must be based in the US; Visa sponsorship is not available.
Nice to have
- Professional certifications such as CRISC, CISSP, or equivalent.
- Experience with the ServiceNow Risk Management platform.
- Knowledge of FAR, DFARS, and CMMC.
Culture & Benefits
- 100% ESOP-owned company with stock ownership rewards.
- Hybrid work environment to support work-life balance.
- Comprehensive benefits starting day one, including medical, dental, vision, and a robust wellness program.
- Company-matched 401k plan.
- Flexible work schedules, paid vacation, holiday time, and sick leave.
- Tuition reimbursement and adoption reimbursement.
Будьте осторожны: если работодатель просит войти в их систему, используя iCloud/Google, прислать код/пароль, запустить код/ПО, не делайте этого - это мошенники. Обязательно жмите "Пожаловаться" или пишите в поддержку. Подробнее в гайде →