L3 Sr. Operations Analyst-GRC
Lagos, Nigeria
Blue Pearl
Our core service offerings include cloud services, data analytics, software development and ICT resourcing.
We are seeking an experienced L3 Sr. Operations Analyst specializing in Governance, Risk, and Compliance (GRC) within the cybersecurity domain. This role involves advanced oversight and management of GRC frameworks, ensuring that cybersecurity practices align with organizational goals, regulatory requirements, and industry standards. The ideal candidate will provide expert-level support for escalated GRC operations, conduct risk assessments, and maintain a robust compliance posture across the enterprise.
Requirements
Key Responsibilities:
Governance:
- Develop, implement, and maintain cybersecurity governance frameworks in alignment with industry standards (e.g., ISO 27001, NIST, COBIT).
- Define and enforce cybersecurity policies, standards, and guidelines.
- Monitor adherence to governance structures, ensuring consistency across all business units.
- Provide expert-level support for escalated governance-related issues and inquiries.
Risk Management:
- Conduct detailed risk assessments and develop mitigation strategies for identified vulnerabilities and threats.
- Oversee third-party risk assessments to ensure vendor compliance with security policies.
- Implement tools and methodologies to monitor, measure, and report risk metrics (KRIs).
- Collaborate with stakeholders to prioritize and remediate high-risk areas effectively.
Compliance:
- Lead initiatives to ensure compliance with applicable regulations (e.g., GDPR, CCPA, PCI DSS, HIPAA).
- Manage audits and certifications, acting as a liaison between external auditors and internal teams.
- Maintain evidence repositories for audit readiness and ensure timely responses to compliance inquiries.
- Monitor changes in regulatory landscapes and update internal practices accordingly.
Incident Response and Escalations:
- Act as an escalation point for GRC-related incidents, providing advanced analysis and remediation plans.
- Support investigations into non-compliance incidents and implement corrective actions.
- Develop and maintain playbooks for GRC-related incident responses.
Reporting and Communication:
- Generate detailed reports on governance, risk, and compliance metrics for senior leadership.
- Communicate findings and recommendations from risk assessments and audits to stakeholders.
- Provide regular updates on the status of GRC programs and initiatives.
Continuous Improvement:
- Identify gaps and recommend enhancements to GRC frameworks, tools, and processes.
- Stay updated on emerging GRC technologies, methodologies, and industry trends.
- Mentor and train junior analysts on GRC best practices and tools.
Required Skills and Qualifications:
Technical Skills:
- Advanced knowledge of GRC frameworks and tools (e.g., Archer, ServiceNow GRC, MetricStream).
- Expertise in risk assessment methodologies, such as FAIR (Factor Analysis of Information Risk).
- Familiarity with regulatory compliance requirements (e.g., GDPR, SOX, HIPAA, PCI DSS).
- Experience with audit and certification processes for standards like ISO 27001 or SOC 2.
- Proficiency in security and compliance monitoring tools (e.g., Nessus, Qualys, Tenable).
Experience:
- 5+ years of experience in cybersecurity with a focus on GRC roles.
- Proven track record in leading risk assessments, compliance initiatives, and governance projects.
- Experience in managing enterprise-wide GRC programs across multiple business units.
Soft Skills:
- Strong analytical skills to interpret risk and compliance data.
- Excellent communication skills for collaboration with technical and non-technical stakeholders.
- Detail-oriented and organized, capable of managing multiple projects simultaneously.
Preferred Qualifications:
- Certifications: CISM, CRISC, CISSP, ISO 27001 Lead Auditor, or equivalent.
- Familiarity with privacy laws and frameworks (e.g., CCPA, GDPR).
- Experience with cloud security compliance frameworks (e.g., CSA STAR).