The Aspen Group (TAG)
GRC Security Analyst at The Aspen Group (TAG) Chicago, IL
The Aspen Group (TAG), Chicago, Illinois, United States, 60290
GRC Security Analyst job at The Aspen Group (TAG). Chicago, IL.
The governance, risk and compliance (GRC) security analyst is a highly respected, influential and in-demand role within the business. The position is responsible for supporting the security direction of the business and elevating the company’s security posture. The GRC security analyst is expected to support the security strategy of the business within new and existing information system capabilities. Consequently, the position requires both an understanding of legacy systems, as well as new technologies and requirements.
The GRC security analyst is also responsible for the planning and design of policies and maintenance. The ideal candidate is technical and possesses at least three years of experience in security, compliance, or risk management. The role oversees the business’ security requirements and obligations mandated by standards and regulations such as the Sarbanes-Oxley Act (SOX), General Data Protection Regulation (GDPR), Health Information Portability and Accountability Act (HIPAA) and Payment Card Industry Data Security Standard (PCI DSS).
Responsibilities
Conducting enterprise-wide, ongoing risk analysis in tandem with compliance and security; Maintaining oversight in a GRC-related platform; Identifying strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks; Documenting, formulating and enforcing areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation; Maintaining strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities; Analyzing findings, and documenting, recommending and reporting program gaps to security leadership; Monitoring current and proposed security changes impacting regulatory, privacy and security industry best practice guidance; Ensuring security and technology teams maintain up-to-date configuration documentation for systems and processes; Acting as a key participant in incident response; Working in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives; Liaising with auditors to maintain and implement controls for compliance and privacy laws; Acting as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws; Performing other duties as assigned. Experience & Qualifications
Bachelor’s degree in computer science, information assurance, MIS or related field or equivalent industry experience; At least 2 years’ experience in cybersecurity as a practitioner and with at least 2 to 3 years exposure with various security frameworks; Strong business acumen and security technology skills; Experience and understanding of various regulatory requirements and laws including PCI, SOX, HIPAA, GDPR and GLBA; Exceptional written and verbal communication skills; Capacity to understand legacy and progressive technology and security controls; Up-to-date understanding of incident response, system configuration, vulnerability management and hardening guidelines; Prior experience with leading GRC systems; Demonstrated problem-solving capabilities; Self-motivated and well-organized; Successful track record of managing external entities’ contracts and relationships; Familiarity with state, federal and international privacy laws; Highly trustworthy with leadership qualities. Please note that by applying, you consent to your information being transmitted by Jooble to the Employer, as data controller, through the Employer’s data processor SonicJobs. For more information, please see the Aspen Dental Privacy Policy and Terms & Conditions, as well as the SonicJobs Privacy Policy and Terms of Use.
#J-18808-Ljbffr
Conducting enterprise-wide, ongoing risk analysis in tandem with compliance and security; Maintaining oversight in a GRC-related platform; Identifying strengths and weaknesses in the security program as they relate to privacy, security, business resiliency and compliance frameworks; Documenting, formulating and enforcing areas of security improvement that balance risk with business operations and do not diminish efficiencies or innovation; Maintaining strong oversight of third parties, vendors and business partners to safeguard against undue risk presented by external entities; Analyzing findings, and documenting, recommending and reporting program gaps to security leadership; Monitoring current and proposed security changes impacting regulatory, privacy and security industry best practice guidance; Ensuring security and technology teams maintain up-to-date configuration documentation for systems and processes; Acting as a key participant in incident response; Working in tandem with security, audit and risk management leadership to perform ongoing security program assessments and create annual strategic technology and budgetary directives; Liaising with auditors to maintain and implement controls for compliance and privacy laws; Acting as a point of contact for disaster recovery and business continuity as it relates to security frameworks, compliance and privacy laws; Performing other duties as assigned. Experience & Qualifications
Bachelor’s degree in computer science, information assurance, MIS or related field or equivalent industry experience; At least 2 years’ experience in cybersecurity as a practitioner and with at least 2 to 3 years exposure with various security frameworks; Strong business acumen and security technology skills; Experience and understanding of various regulatory requirements and laws including PCI, SOX, HIPAA, GDPR and GLBA; Exceptional written and verbal communication skills; Capacity to understand legacy and progressive technology and security controls; Up-to-date understanding of incident response, system configuration, vulnerability management and hardening guidelines; Prior experience with leading GRC systems; Demonstrated problem-solving capabilities; Self-motivated and well-organized; Successful track record of managing external entities’ contracts and relationships; Familiarity with state, federal and international privacy laws; Highly trustworthy with leadership qualities. Please note that by applying, you consent to your information being transmitted by Jooble to the Employer, as data controller, through the Employer’s data processor SonicJobs. For more information, please see the Aspen Dental Privacy Policy and Terms & Conditions, as well as the SonicJobs Privacy Policy and Terms of Use.
#J-18808-Ljbffr