Talen Energy

Cybersecurity GRC (Governance, Risk, and Compliance) Analyst

Talen Energy, Allentown, Pennsylvania, United States, 18103


Cybersecurity GRC Analyst

We are seeking a skilled and proactive Cybersecurity GRC (Governance, Risk, and Compliance) Analyst to join our dynamic cybersecurity team. The GRC Analyst will play a critical role in identifying, managing, and mitigating risks related to information security and ensuring compliance with industry standards, regulations, and internal policies. The ideal candidate will have experience in cybersecurity risk management, regulatory compliance, and governance frameworks, with a keen ability to analyze, report, and provide actionable insights.

Key Responsibilities:

Governance:
Support the development and implementation of security governance frameworks and policies to ensure alignment with organizational goals and regulatory requirements.

Risk Management:
Identify, assess, and monitor cybersecurity risks within the organization, ensuring effective mitigation strategies are in place and risks are documented.

Compliance:
Assist in ensuring compliance with relevant laws, regulations (such as NERC, SOX, HIPAA, CMMC), and industry standards (ISO 27001, NIST, etc.). Conduct periodic audits and prepare compliance reports. Coordinate internal and external audits, including communication, walkthroughs, control testing, and evidence gathering.

Security Controls:
Evaluate existing security controls, policies, and procedures to identify gaps and recommend improvements.

Incident Response:
Participate in incident response planning and provide support during investigations related to security breaches or compliance violations.

Vendor Risk Management:
Assess third-party security risks and collaborate with other teams to evaluate vendor security posture.

Reporting and Documentation:
Prepare detailed risk assessments, compliance reports, and audit findings for senior management and other stakeholders.

Training & Awareness:
Support the development and delivery of security awareness and training programs for staff and stakeholders to foster a strong security culture.

Qualifications:

Bachelor's degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent work experience).
10+ years of cybersecurity-related experience.
Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, COBIT, SOC 2, etc.).
Relevant certifications such as CISSP, CISA, CRISC, or CISM are highly preferred.
Familiarity with security tools, risk management platforms, and compliance monitoring systems (SailPoint, ServiceNow GRC, AuditBoard, Abnormal AI, Proofpoint Security Awareness, etc.).
Knowledge of compliance regulations (NERC, NRC, HIPAA, etc.) and risk management practices.
Proven ability to evaluate complex security risks and communicate findings effectively to non-technical stakeholders.
Strong analytical, organizational, and problem-solving skills.
Excellent written and verbal communication skills are crucial for translating complex technical and regulatory issues to both technical and non-technical audiences.
Ability to work effectively with cross-functional teams, including IT, legal, and business unit leaders.
Hands-on GRC experience and a demonstrated ability to align risk management strategies with overarching business objectives.

Preferred Skills:

Experience with cloud security, IT governance, and data privacy.
Knowledge of threat intelligence and vulnerability management.
Ability to work in a collaborative, fast-paced environment with cross-functional teams.

Note:

You will have an opportunity to add attachments to your application. Please use this opportunity to upload your resume, cover letter, and any relevant documents.