The Intersect Group
This range is provided by The Intersect Group. Your actual pay will be based on your skills and experience; talk with your recruiter to learn more.
Base pay range
$100,000.00/yr - $125,000.00/yr

The Senior InfoSec GRC Analyst is responsible for driving the development, implementation, communication, and maintenance of technology policies, standards, and procedures that are aligned to industry standards and regulatory requirements. This role ensures that technology processes adhere to regulatory requirements, manage risks effectively, and establish strong governance practices. The position also develops and implements controls, monitors compliance, and supports risk management activities.

Responsibilities
Lead the development and implementation of comprehensive cybersecurity and IT policies, standards, and guidelines.
Continuously evaluate and update cybersecurity and IT policies to ensure they remain current and effective.
Ensure policies comply with relevant laws, regulations, and industry standards (e.g., NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS).
Collaborate with cross-functional teams, including IT, legal, compliance, and business stakeholders, to ensure cybersecurity policies align with organizational objectives.
Translate complex information and documentation into clear and simple concepts for end-users.
Provide specialized expertise to perform framework-oriented risk assessments, identify deficiencies, generate reports, and recommend actionable solutions to mitigate risks and strengthen overall security posture.
Stay informed about the latest cybersecurity threats, trends, and best practices.
Maintain accurate and up-to-date records of policy reviews, risk assessments, training activities, and incident responses.
Benchmark policies against industry standards and best practices.
Develop and implement governance frameworks for cybersecurity policy management.
Monitor key performance indicators, conduct gap analyses and risk assessments, and implement frameworks as needed.
Test and monitor the effectiveness of controls.
Establish feedback loops and analyze metrics to continuously improve cybersecurity policies based on audit findings, incident reviews, and emerging threats.
Lead and support internal and external audits and assessments of cybersecurity policies and practices.
Ensure identified audit and assessment findings and actions are tracked to closure.
Maintain comprehensive documentation of all cybersecurity policies, procedures, and related activities.
Communicate policy requirements and updates to relevant stakeholders.
Identify opportunities for innovation and improvement in cybersecurity policies and practices.
Propose mitigation strategies and verify the effectiveness of remediation plans.

Requirements
Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field (preferred).
Minimum of six (6)+ years of experience working in Cybersecurity GRC, policy development, risk management, or a similar field.
Experience with GRC tools (e.g., Archer, ServiceNow, OneTrust).
Proficiency with data analysis and reporting tools (e.g., Excel, Power BI).
Relevant certifications such as CISM and/or CISA (highly desirable).
Strong knowledge of regulatory frameworks (NIST, FFIEC, GLBA, NYDFS, SOX, PCI-DSS).
Understanding of risk management concepts, control frameworks, and compliance auditing.
Ability to provide consultation and recommendations to management.
Strong communication skills with the ability to present effectively to both technical and non-technical audiences.

Seniority level
Mid-Senior level

Employment type
Full-time

Job function
Information Technology and Accounting/Auditing