Governance, Risk, and Compliance Analyst

Indianapolis, IN, US | Baltimore, MD, US | New York, NY, US | Washington, DC, US | Chicago, IL, US | Philadelphia, PA, US


Job Summary: 

 

As a GRC Analyst, your role on the team will include leveraging your knowledge of security policies, standards, controls, and industry best practices to consult with others in the firm and inform them of risk to systems and data. You will play a critical role in ensuring that GRC functions are incorporated into key firm programs while validating that risk mitigation functions are working correctly.

 ***Salary in the range of $70,000 – $90,000 dependent on experience level and geographic location***

Essential Job Duties: 

 

  • Governance 
    • Support the development and management of cyber security policies, standards, procedures, and overall governance based on the NIST Cyber Security Framework, NIST 800-53, and CIS controls.
    • Assess current platforms against security and configuration standards
    • Interface with key security personnel to ensure expectations and remediation activities are aligned to best practices
    • Work closely with the IT team to ensure key cybersecurity risks and issues are identified, addressed, and resolved in a timely manner.
    • Assist in the development and deployment of information security awareness, training, and communication capabilities as they relate to governance changes.
    • Evaluate and process exceptions to information security policies and standards
    • Assist with the administration of identity governance and administration activities
    • Receive audit findings, legal obligations, compliance, and regulatory requirements as input to policy development.
    • Manage lateral transfers of data in and out of the firm and implement ethical walls

 

  • Risk
    • Measure and monitor cybersecurity risk.
    • Manage and prioritize the risk exception queue
    • Perform risk assessments in alignment with methodologies and provide timely feedback to stakeholders
    • Assist in conducting a business impact analysis for business systems, applications, and processes
    • Assist with the development of cyber resilience plans including incident response, business continuity, and disaster recovery
    • Participate in Third Party Risk Management Program activities

 

  • Compliance
    • Maintain awareness of existing and proposed security standards and of state and federal legislation and regulations pertaining to information security.
    • Identify regulatory changes that will affect information security policy, standards, and procedures, and recommend appropriate changes.
    • Participate in internal and external compliance audits and security questionnaire responses.
    • Provide guidance to management and business stakeholders regarding the security impact of regulations, policies, applicable laws, and key risks.
    • Participate in compliance reviews as assigned by management.

 

 

Minimum Requirements:

 

  • Understanding of common security regulations (e.g., HIPAA, Meaningful Use, PCI DSS, ISO 2700x, FDA, etc.).
  • Understanding of common industry security frameworks (e.g., ISO 2700x, NIST CSF, NIST SP 800-53, HITRUST, etc.).
  • Familiarity with security auditing and risk assessment processes.
  • Skills in documenting risk and compliance activities.
  • Excellent written and verbal communication skills, interpersonal and collaborative skills, and the ability to communicate strategic information security topics, policies, and standards as well as risk-related concepts to technical and non-technical audiences at various hierarchical levels.
  • Proficient in the development and delivery of incident response playbooks and tabletop exercises
  • Sound knowledge of business management and an expert knowledge of information/cybersecurity risk management and governance.
  • Experience responding to, analyzing, and communicating information security audits.
  • Basic understanding of general security concepts including but not limited to cryptography, DLP, Security Operations Center, Security Managed Services, SIEM, FW, Audit, Cloud Security, Mobile Security.

 

Other Expectations:

  • Strong ability to follow instructions, ask intelligent questions, and engage critical thinking skills to complete the work
  • Self-starter: ability to work independently with minimal supervision.
  • Ability to work effectively in a team environment.
  • Maturity to accept direction, confidence to give direction.
  • Ability to quickly identify risks that require escalation to higher levels of leadership
  • Ability to operate independently and show measurable progress daily
  • Ability to manage multiple tasks simultaneously without missing deadlines or dropping assignments
  • Ability to adapt quickly and without frustration to changing priorities and emphasis
  • Strong attention to detail and high commitment to quality
  • Good attitude and courtesy to work with a small, fast-paced team
  • Efficient worker looking for ways to gain efficiencies and maximize time spent

Benefits provided include: Paid time off, Health insurance, Vision and Dental Insurance, 401k (with an employer match), life insurance, and many others.  Please reach out for a comprehensive list of benefits provided. 

Ice Miller is committed to recruiting, developing and retaining talented attorneys and professional staff from all backgrounds. To succeed, we take great pride in a culture of inclusion where everyone at Ice Miller feels respected, is treated fairly and has the opportunity to perform at the highest potential. Learn more about Ice Miller’s Diversity & Inclusion efforts on our website. 

Candidates must have permanent authorization to work in the United States. 

Ice Miller LLP is an Equal Opportunity Employer.


Tags: Audits Cloud Compliance Cryptography Governance HIPAA HITRUST Incident response ISO 27000 Mobile security NIST NIST 800-53 PCI DSS Risk assessment Risk management SIEM SOC

Perks/benefits: 401(k) matching Health care

Region: North America
Country: United States
