RIT Solutions, Inc.
Cybersecurity Sr. GRC Analyst Job at RIT Solutions, Inc. in New York
RIT Solutions, Inc., New York, NY, US, 10261
Cybersecurity Sr. GRC Analyst
Location: 3-day Hybrid (Tue-Thu) in King of Prussia, PA or Denver, PA - Locals only
Duration: 3-6 months, Contract-to-Hire (CTH)
Rate: Best possible, but keep at the lower end (Oil & Gas client budget)
Overview
Our client, a top-tier Management Consulting firm, has partnered with an Oil & Natural Gas company to identify a Global Cybersecurity Senior GRC Analyst. This role sits within the Information Security, Compliance, and Risk Management function and reports to the Global Cybersecurity Governance, Risk & Compliance Manager. The Sr. Analyst will ensure the organization operates within regulatory, legal, and compliance obligations while effectively managing cyber risk.
Key Responsibilities
Governance
• Develop and maintain corporate security policies, procedures, and frameworks aligned with NIST CSF, SOX, PCI, etc.
• Assist in documenting and maintaining GRC processes and procedures.
• Ensure IT functions comply with best practices and standards through reviews, audits, and assessments.
• Track and report on key risk indicators and security metrics.
Risk Management
• Conduct gap assessments to identify threats, vulnerabilities, and risks.
• Maintain the risk register, document risk acceptance decisions, and oversee compensating controls.
• Perform third-party/vendor risk assessments and manage continuous monitoring.
• Support cybersecurity due diligence for M&A targets and evaluate risk on incoming projects.
Compliance
• Monitor compliance with GDPR, HIPAA, SOX, PCI-DSS, and other applicable standards.
• Drive the compliance framework, ensuring policies and standards stay aligned with evolving regulations.
• Track and report security exceptions and remediation plans.
Stakeholder Engagement
• Collaborate with business units to align risk practices with critical processes.
• Educate stakeholders on risk frameworks and compliance requirements.
• Partner with technical teams to validate remediation plans and present findings to governance committees.
Collaboration & Reporting
• Work with IT, Legal, HR, and other functions to align GRC initiatives.
• Deliver regular risk and compliance metrics to senior leadership and boards.
• Serve as a subject matter expert (SME) for GRC-related queries and initiatives.
Ideal Candidate Profile
• Strong hands-on experience in Governance, Risk, and Compliance (GRC) within cybersecurity.
• Familiarity with frameworks and regulations such as NIST CSF, SOX, PCI, GDPR, HIPAA.
• Skilled in vendor risk management and risk register maintenance.
• Excellent stakeholder management, communication, and reporting skills.
• Ability to thrive in a consulting/client-facing environment; Oil & Gas exposure is a plus.