Cyber Security Governance, Risk, and Compliance Analyst

Company Description

Are you looking to join an organization that is growing and dynamic? What about a high-energy, collaborative environment that rewards hard work?

J.S. Held is a global consulting firm that combines technical, scientific, financial, and strategic expertise to advise clients seeking to realize value and mitigate risk. Our professionals serve as trusted advisors to organizations facing high stakes matters demanding urgent attention, staunch integrity, proven experience, clear-cut analysis, and an understanding of both tangible and intangible assets.

The firm provides a comprehensive suite of services, products, and data that enable clients to navigate complex, contentious, and often catastrophic situations.

Job Description

The Cyber Security Governance, Risk, and Compliance Analyst Will Support The Cyber Security Team To Drive The Design, Implementation, And Ongoing Delivery Of

• Formal Cyber Security Risk Management.
• Cyber Security Policies.
• Cyber Security Compliance.
• Participate in the review and assessment of third-party vendor security controls to ensure compliance with Cyber Security standards.
• Third Party Risk Assessments.
• M&A Cyber Security Due Diligence.
• Disaster Recovery/Business Continuity Planning (DR/BCP).
• Help monitor and ensure compliance with relevant regulatory requirements, such as GDPR, HIPAA, ISO 27001, CMMC, NIST CSF, Cyber Essentials+ among others.
• Support the development of training and awareness programs for employees to promote a security-conscious culture and adherence to J.S. Held.
• Assist in coordinating internal and external audits and examinations related to Compliance and Cyber Security.
• Aid in the preparation and presentation of GRC reports, metrics, and key performance indicators as needed.
• Coordinate annual external penetration test and security assessments utilizing 3rd party.
• Contribute to incident response activities, including updating the directory, documenting and reporting security incidents, and participating in post-incident analysis to identify areas of improvement.
• Stay updated on emerging Cyber Security trends, regulatory changes, and industry standards to assist in keeping the organization's GRC practices current and effective.
• Establishing a process for continuous improvement of the Cyber Security program based on lessons learned from incidents, audits, and assessments.

Qualifications

Required Qualifications

• Professional Level / English Fluency (B2).
• Experienced building and executing technology risk frameworks, assessments, reports, metrics, KRIs, and utilizing risk management tools to analyze and model risk. Ability to align frameworks and policies to address requirements from frameworks like COBIT, NIST CSF and ISO, and regulations such as GDPR, HIPAA NY-500, and CCPA.
• Experience designing and evaluating Cyber Security processes, risks, and controls.
• Technical knowledge of Azure, Azure AD, O365, Windows 10/11, iOS, and technical controls us to secure Technology assets (Data, Client and Server OS, Network, Applications, SaaS, IaaS, etc.)
• Hands-on Cyber Security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
• Strong oral and written communications skills appropriate for interacting with all levels of staff, vendors, and other stakeholders.
• Ability to develop security standards and guidelines based on best practices and industry standards.
• Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
• Proficiency in analyzing security risks, vulnerabilities, and controls within an IT environment.
• Capability to work on multiple tasks with shifting and sometimes conflicting priorities.
• Able to work effectively with other departments to develop effective and efficient solutions.
• Experience designing and implementing information technology processes.
• Demonstrated experience successfully collaborating with remote colleagues.
• Experience working with vendors or managing vendor relationships.
• Experience collaborating with Compliance, Legal, Infrastructure, HR, and Security teams.
• Ability to deal with ambiguity and flexibility to work collaboratively with others in a dynamic environment.

Preferred Qualifications

• Bachelor’s degree in Computer Science or similar.
• Minimum 8 years of experience in IT Audit, Risk Management or Compliance
• 5+ years (Required) Cyber Security
• 3+ years (Required) Cyber Security - Governance, Risk and Compliance (GRC)
• Professional certifications such as CISA, CompTIA Security+, COBIT, CISM are a plus.

Additional Information

We welcome applications from individuals with disabilities.  If you are an individual with a disability and would like to request a reasonable adjustment in relation to any of the above, please email jobs@jsheld.com and include “Applicant Adjustment” within the subject line with your request and contact information.

Some of the Benefits We Have Include

J.S. Held understands all of our employees are people and sometimes life needs flexibility.  We work to always provide an environment that best supports and suits our team’s needs.

• Our flexible work environment allows employees to work remotely when needed.
• Generous Annual Leave Policy.
• Comprehensive Medical Insurance.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

By submitting your application, you acknowledge that you have read the J.S. Held Online Privacy Notice and hereby freely and unambiguously give informed consent to the collection, processing, use, and storage of your personal information as required and described therein.

Please explore what we’re all about at www.jsheld.com.

EEO and Job Accommodations

We embrace diversity and our commitment to building a team and environment that fosters professional and personal enrichment is unwavering. We are greater when we are equal!

J.S. Held is an equal opportunity employer that is committed to hiring a diverse workforce. All qualified applicants will receive consideration for employment without regard to sex, gender identity, sexual orientation, race, color, religion, national origin, disability, protected Veteran status, age, or any other characteristic protected by law.

#LI-SC1