Job Overview

We are seeking a detail-oriented and proactive Security Analyst - GRC (Governance, Risk, and Compliance) to join our Information Security team. The Security Analyst will play a pivotal role in ensuring the organization’s adherence to regulatory requirements, identifying and mitigating risks, and enhancing governance processes. This position will collaborate with cross-functional teams to maintain a strong security posture and align our operations with industry standards.

Key Responsibilities

• Develop and maintain information security policies, standards, and procedures in line with industry best practices and frameworks.
• Monitor compliance with policies and procedures across departments and provide recommendations for improvement.
• Collaborate with internal stakeholders to support security awareness and training programs.
• Assist in conducting risk assessments and evaluating the effectiveness of existing controls.

• Document, and track risks, including mitigation plans and residual risks.
• Coordinate with stakeholders to ensure timely remediation of identified risks.
• Monitor compliance with applicable laws, regulations, and standards such as HIPAA, PCI DSS.

• Assist with internal and external audits by preparing documentation, evidence, and responses.
• Assist with third party security penetration tests.
• Stay informed about emerging compliance requirements and ensure the organization adapts accordingly.
• Assist in maintaining and enhancing GRC tools and platforms.

• Prepare regular reports and dashboards for leadership on governance, risk, and compliance status.
• Monitor and triage security alerts. 
• Participate in incident response and business continuity planning efforts as needed.
• Work with Enterprise Security, Application Security, and Cloud Security team members
• Maintain the security center of excellence. 

Required Qualifications

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Business Administration, or a related field.
• 3+ years of experience in GRC, risk management, compliance, or a related role.
• Familiarity with GRC frameworks such as ISO 27001, NIST CSF, SOC 2, or COBIT.
• Understanding of regulatory requirements like HIPAA and PCI DSS.
• Proficiency in GRC tools and platforms.
• Strong analytical, organizational, and communication skills.