RIT Solutions, Inc.

CyberSecurity Sr. GRC Analyst

RIT Solutions, Inc., New York, New York, US, 10261

Our client, a top-tier Management Consulting firm, has partnered with an Oil and Natural Gas company to identify a Global Cybersecurity Senior GRC Analyst to join their Information Security, Compliance, and Risk Management function.

This role reports to the Global Cybersecurity Governance, Risk and Compliance Manager. The ideal candidate will play a critical role in ensuring the organization operates within regulatory, legal, and compliance obligations while effectively managing risk.

Responsibilities and Qualifications:

Governance
• Develop and maintain corporate policies, procedures, and frameworks aligned with industry best practices (NIST CSF, SOX, PCI, etc.).
• Assist with development and maintenance of GRC process and procedure documentation.
• Ensure IT functions comply with best practices and company standards through assessments (peer reviews, audits, etc.).
• Track key risk indicators and security metrics.

Risk Management
• Conduct gap assessments to identify threats, vulnerabilities, and potential impacts.
• Develop and maintain the risk register, ensuring risks are documented, prioritized, and mitigated.
• Perform third-party/vendor risk assessments and ongoing monitoring to evaluate potential risks with external partnerships.
• Maintain centralized documentation, continuous monitoring for vendors, and formal escalation protocols for non-compliance.
• Document risk acceptance decisions and compensating controls.
• Develop and maintain templates for consistent risk documentation.
• Evaluate cybersecurity risk on incoming projects and assist in cybersecurity due diligence for merger/acquisition targets.

Compliance
• Ensure compliance with regulatory requirements (GDPR, HIPAA, SOX, PCI-DSS) and industry standards through monitoring, reporting metrics, and security exceptions.
• Maintain and drive the compliance framework to ensure policies and standards align with regulatory requirements, laws, and best practices.

Stakeholder Engagement
• Collaborate with business units to understand critical processes and educate stakeholders on risk management concepts and frameworks.
• Partner with technical teams to validate remediation plans and present risk findings to governance committees.
• Coordinate and collaborate with stakeholders to establish and track metrics for governance programs, monitor regulatory changes, and track outcomes of third-party breaches.
• Advise stakeholders on compliance requirements, incorporating new metrics and tools into the governance lifecycle process.
• Coordinate the review of policies and standards with stakeholders.

Collaboration and Reporting
• Partner with IT, Legal, HR, and other departments to ensure alignment on risk and compliance efforts.
• Create and deliver regular risk and compliance metrics for senior leadership and boards.
• Serve as a subject matter expert (SME) for GRC-related queries and initiatives.