RIT Solutions, Inc.
Cybersecurity Sr. GRC Analyst
Location: 3-day Hybrid (Tue-Thu) in King of Prussia, PA or Denver, PA - Locals only
Duration: 3-6 months, Contract-to-Hire (CTH)
Rate: Best possible, but keep at the lower end (Oil & Gas client budget)
Overview

Our client, a top-tier Management Consulting firm, has partnered with an Oil & Natural Gas company to identify a Global Cybersecurity Senior GRC Analyst. This role sits within the Information Security, Compliance, and Risk Management function and reports to the Global Cybersecurity Governance, Risk & Compliance Manager. The Sr. Analyst will ensure the organization operates within regulatory, legal, and compliance obligations while effectively managing cyber risk.
Key Responsibilities

Governance
• Develop and maintain corporate security policies, procedures, and frameworks aligned with NIST CSF, SOX, PCI, etc.
• Assist in documenting and maintaining GRC processes and procedures.
• Ensure IT functions comply with best practices and standards through reviews, audits, and assessments.
• Track and report on key risk indicators and security metrics.

Risk Management
• Conduct gap assessments to identify threats, vulnerabilities, and risks.
• Maintain the risk register, document risk acceptance decisions, and oversee compensating controls.
• Perform third-party/vendor risk assessments and manage continuous monitoring.
• Support cybersecurity due diligence for M&A targets and evaluate risk on incoming projects.

Compliance
• Monitor compliance with GDPR, HIPAA, SOX, PCI-DSS, and other applicable standards.
• Drive the compliance framework, ensuring policies/standards align with evolving regulations.
• Track and report security exceptions and remediation plans.

Stakeholder Engagement
• Collaborate with business units to align risk practices with critical processes.
• Educate stakeholders on risk frameworks and compliance requirements.
• Partner with technical teams to validate remediation plans and present findings to governance committees.

Collaboration & Reporting
• Work with IT, Legal, HR, and other functions to align GRC initiatives.
• Deliver regular risk and compliance metrics to senior leadership and boards.
• Serve as a subject matter expert (SME) for GRC-related queries and initiatives.
Ideal Candidate Profile
• Strong hands-on experience in Governance, Risk, and Compliance (GRC) within cybersecurity.
• Familiarity with frameworks and regulations such as NIST CSF, SOX, PCI, GDPR, HIPAA.
• Skilled in vendor risk management and risk register maintenance.
• Excellent stakeholder management, communication, and reporting skills.
• Ability to thrive in a consulting/client-facing environment; Oil & Gas exposure a plus.