GRC Analyst

Summary:

The SecOps Engineer is responsible for supporting the development, implementation, and management of security policies, procedures, and protocols within the organization. This role involves monitoring security alerts, analyzing incidents to identify potential threats, conducting vulnerability assessments, and assisting with the investigation of security breaches. The SecOps Engineer will collaborate with IT and other departments to ensure adherence to security best practices while maintaining and managing security tools and technologies. The ideal candidate will have 3+ years of IT experience, a foundational understanding of cybersecurity principles, and experience working with security tools such as firewalls, Endpoint Detection and Response (EDR), Security Information and Event Management (SIEM), and Mobile Device Management (MDM).

Key Responsibilities:

• Security Monitoring & Incident Response: Monitor security alerts, events, and incidents, performing detailed analysis to identify and mitigate potential security threats.
• Vulnerability Assessment & Management: Assist with the identification and management of vulnerabilities in the organization’s infrastructure, ensuring regular assessments are performed to minimize security risks.
• Security Tools Management: Support the management, maintenance, and optimization of security tools, including firewalls, EDR, SIEM, and MDM systems.
• Policy Development & Implementation: Contribute to the development and enforcement of security policies, procedures, and protocols to ensure compliance with organizational and regulatory standards.
• Security Incident Investigation: Assist in investigating security breaches and incidents, providing detailed analysis and recommending corrective actions to prevent future occurrences.
• Collaboration & Best Practices: Work closely with IT, security, and other departments to ensure that security best practices are adhered to across the organization.
• Security Trend Monitoring: Stay current with the latest cybersecurity trends, vulnerabilities, and technologies, leveraging this knowledge to improve security posture and ensure proactive defenses.
• Reporting & Documentation: Maintain detailed records of security incidents, assessments, and responses. Regularly report on security status and compliance to internal stakeholders.
• Vendor Management & Compliance: Manage security and privacy processes related to the vendor management program, including collecting security and privacy questionnaires from vendors in compliance with ISO, SOC2, GDPR, and other standards.
• GRC Process Support: Collaborate with Governance, Risk, and Compliance (GRC) teams to ensure adherence to security standards (ISO 27001, SOC2, PCI) and support internal and external audits by providing necessary artifacts and documentation.
• Continuous Improvement: Identify areas for process improvement and assist in the enhancement of internal security processes, ensuring alignment with industry best practices.

Requirements

Skills & Qualifications:

• Experience: Minimum of 3 years of IT experience, with a focus on security operations, incident response, and vulnerability management. A Bachelor’s degree in a related field (e.g., Information Security, Computer Science) is preferred.
• Cybersecurity Knowledge: Basic understanding of cybersecurity principles, threat management, vulnerability assessments, and security controls.
• Security Tools Familiarity: Experience with security tools such as firewalls, EDR, SIEM, MDM, and other relevant technologies used in security monitoring and defense.
• Analytical & Problem-Solving Skills: Strong ability to analyze security data, troubleshoot issues, and provide actionable insights to improve security defenses.
• Communication Skills: Excellent verbal and written communication skills to document incidents, report on security status, and collaborate with internal teams and external stakeholders.
• Certifications: Relevant cybersecurity certifications such as CompTIA Security+, Certified Ethical Hacker (CEH), or equivalent are a plus and will be considered beneficial.
• Attention to Detail: High attention to detail, ensuring compliance with security policies and thorough investigation and documentation of incidents.
• Collaboration Skills: Ability to work effectively with cross-functional teams, including IT, security, and leadership, to drive security best practices across the organization.
• Process & Compliance Management: Understanding of governance, risk management, and compliance (GRC) processes, including working with security and privacy frameworks such as ISO 27001, SOC2, and GDPR.
• Incident Response: Experience in assisting with the investigation and resolution of security incidents and breaches.
• Proactive Approach: Ability to stay up-to-date with emerging cybersecurity trends, threats, and technologies, implementing them proactively to improve security posture.

Desired Candidate Profile:

• Experience in managing security processes and compliance for vendors and third parties.
• Familiarity with security standards and frameworks, such as ISO 27001, SOC2, PCI, and GDPR.
• Ability to work in a dynamic environment, managing multiple tasks, and responding to security incidents efficiently.
• Strong organizational skills to track and manage multiple security and privacy processes simultaneously.
• A team player who can collaborate across departments and handle responsibilities related to audits and security reporting.