Governance, Risk & Compliance (GRC) Analyst – RSA Archer | Remote (EST Time Zone)
We are seeking a talented and passionate Security Contracts/Regulations and Third Party Security Specialist – GIS Governance, Risk & Compliance Consultant.
- Overall 7+ years of industry experience in security contract negotiations, security regulations research/analysis, and third-party security assessments for large global financial organizations and their Cybersecurity teams
- .Deep experience in applying knowledge of Cybersecurity policies, Cybersecurity standards, Cybersecurity controls, Cybersecurity programs and frameworks to third party security contract negotiations and international cybersecurity regulations
- .Experience with NIST CSF, ISO 27001, NIST 800.30, FFIEC, and SEC Regulation S-P industry standards, frameworks, and regulations for Information Security
- .Subject Matter Expertise in using the Standard Information Gathering Questionnaire (SIG) to conduct third party security assessments
- .Experience with evaluating SOC reports, ISO 27001 certifications, and other internationally recognized independent attestations for evaluating third party security controls
- .Proven expertise in related security domains (e.g., security risk assessments, audits, controls definition/testing, etc.)
- .Comfortable collaborating with Business and Cybersecurity leadership on security contract risks, third-party security assessment risks, and negotiating their resolution
- .Experience in IT Governance, Compliance, and Risk management processes and tools (MetricStream, RSA Archer, OneTrust or similar eGRC platforms)
- .Bachelor’s degree in Computer Science, Computer Information Systems, or an equivalent combination of education, certifications, and experience
- .Proficient use of Microsoft Outlook, Microsoft Teams, Microsoft SharePoint, and Microsoft Office 365
- .Preferred professional qualifications with certifications (CISSP, CISA, CISM, CRISC, etc.)
.