L3 Sr. Operations Analyst-GRC

We are seeking an experienced L3 Sr. Operations Analyst specializing in Governance, Risk, and Compliance (GRC) within the cybersecurity domain. This role involves advanced oversight and management of GRC frameworks, ensuring that cybersecurity practices align with organizational goals, regulatory requirements, and industry standards. The ideal candidate will provide expert-level support for escalated GRC operations, conduct risk assessments, and maintain a robust compliance posture across the enterprise.

Requirements

Key Responsibilities:

Governance:

• Develop, implement, and maintain cybersecurity governance frameworks in alignment with industry standards (e.g., ISO 27001, NIST, COBIT).
  
• Define and enforce cybersecurity policies, standards, and guidelines.
  
• Monitor adherence to governance structures, ensuring consistency across all business units.
  
• Provide expert-level support for escalated governance-related issues and inquiries.
  

Risk Management:

• Conduct detailed risk assessments and develop mitigation strategies for identified vulnerabilities and threats.
  
• Oversee third-party risk assessments to ensure vendor compliance with security policies.
  
• Implement tools and methodologies to monitor, measure, and report risk metrics (KRIs).
  
• Collaborate with stakeholders to prioritize and remediate high-risk areas effectively.
  

Compliance:

• Lead initiatives to ensure compliance with applicable regulations (e.g., GDPR, CCPA, PCI DSS, HIPAA).
  
• Manage audits and certifications, acting as a liaison between external auditors and internal teams.
  
• Maintain evidence repositories for audit readiness and ensure timely responses to compliance inquiries.
  
• Monitor changes in regulatory landscapes and update internal practices accordingly.
  

Incident Response and Escalations:

• Act as an escalation point for GRC-related incidents, providing advanced analysis and remediation plans.
  
• Support investigations into non-compliance incidents and implement corrective actions.
  
• Develop and maintain playbooks for GRC-related incident responses.
  

Reporting and Communication:

• Generate detailed reports on governance, risk, and compliance metrics for senior leadership.
  
• Communicate findings and recommendations from risk assessments and audits to stakeholders.
  
• Provide regular updates on the status of GRC programs and initiatives.
  

Continuous Improvement:

• Identify gaps and recommend enhancements to GRC frameworks, tools, and processes.
  
• Stay updated on emerging GRC technologies, methodologies, and industry trends.
  
• Mentor and train junior analysts on GRC best practices and tools.
  

Required Skills and Qualifications:

Technical Skills:

• Advanced knowledge of GRC frameworks and tools (e.g., Archer, ServiceNow GRC, MetricStream).
  
• Expertise in risk assessment methodologies, such as FAIR (Factor Analysis of Information Risk).
  
• Familiarity with regulatory compliance requirements (e.g., GDPR, SOX, HIPAA, PCI DSS).
  
• Experience with audit and certification processes for standards like ISO 27001 or SOC 2.
  
• Proficiency in security and compliance monitoring tools (e.g., Nessus, Qualys, Tenable).
  

Experience:

• 5+ years of experience in cybersecurity with a focus on GRC roles.
  
• Proven track record in leading risk assessments, compliance initiatives, and governance projects.
  
• Experience in managing enterprise-wide GRC programs across multiple business units.
  

Soft Skills:

• Strong analytical skills to interpret risk and compliance data.
  
• Excellent communication skills for collaboration with technical and non-technical stakeholders.
  
• Detail-oriented and organized, capable of managing multiple projects simultaneously.
  

Preferred Qualifications:

• Certifications: CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or equivalent.
  
• Familiarity with privacy laws and frameworks (e.g., CCPA, GDPR).
  
• Experience with cloud security compliance frameworks (e.g., CSA STAR).