North End Teleservices
Job Summary
The North End Teleservices GRC Analyst optimizes the organization’s cybersecurity posture via governance risk and compliance (GRC) activities. The position ensures that the organization operates within regulatory requirements, manages risks effectively and follows internal governance policies while performing certain functions to analyze audit and manage systems and processes intended to align the organization with cyber security standards such as NIST and other similar frameworks as mandated by the business. The role is a hands‑on function that performs work related to controls and objectives while helping to establish and enforce company policies, security frameworks and best practices that align with business goals and industry standards. The role also includes the identification, assessment and mitigation of risks related to cybersecurity, data protection and operational processes. Key Responsibilities
Development alignment maintenance and regular audit of policies related to cyber security and risk including:
Information Security Policy (annual review) Business Continuity Plan (annual review) Disaster Recovery Plan (annual review) Incident Response Plan (annual review) Risk Management Program (annual review) Acceptable Use Policies (annual review) Removable Media Policy (annual review) Technology Control Plan (annual review) Security Awareness and Training Policy (annual review) Media Marking and Handling Policy (annual review) AI Policy (annual review) Other policies as assigned
Access Control Procedure
Operational Change Management Procedure Network Access Management Procedure Log Management Procedure Other procedures as assigned
Management execution and follow‑up related to recurring functions as assigned including:
Security Awareness Training campaigns (quarterly) Vulnerability Assessments reviews (monthly) Log Management procedures (weekly) Risk Register meetings (quarterly) Tabletop exercises (annually) Active network user audits (monthly) Approved application audits (annually) Review of employee cybersecurity training / acknowledgement program (annually) Public‑facing Resources Audit (annually) Security Controls Assessment (annually) User Access Review (annually) Power continuity review (annually) All aspects of Risk Management Program (as needed) Other functions as assigned (as needed) Execution of ad hoc cybersecurity tasks as needed
Routine maintenance of policies and procedures in line with business changes Response to cybersecurity incidents related logging forensics and action Review of CISA alerts and associated Risk Register updates Cybersecurity projects as assigned Cybersecurity partnership management and optimization Operational Change Management review discussions and form completion as needed Periodic cybersecurity training for team members Meetings and related follow‑up Cybersecurity support for customer inquiries and sales opportunities Other tasks as assigned Management of certain platform software and documentation as assigned including:
Security Awareness Training Platform Password Vault Platform Section 508 Accessibility Platform Other platforms as assigned
Governance Risk and Compliance documentation Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice. Technical Skills
Knowledge of Security Frameworks & Regulations; Understanding of ISO 27001, NIST 800‑X, CMMC, SOC 2, HIPAA, PCI DSS and GDPR. Risk Management – Ability to conduct risk assessments, identify vulnerabilities and implement mitigation strategies. Compliance Auditing – Experience with internal / external audits, compliance reporting and policy documentation. GRC Tools & Platforms – Familiarity with cyber security tools related to functions such as security awareness training, log management, vulnerability assessment and other functions. Security & IT Fundamentals – Understanding of cybersecurity principles, cloud security (AWS, Azure, GCP) and identity & access management (IAM). Analytical & Problem‑Solving Skills
Risk Analysis – Ability to evaluate threats, vulnerabilities and business impact. Data Interpretation – Analyzing compliance reports, audit findings and security metrics to improve risk posture. Soft Skills
Communication & Reporting – Ability to explain complex compliance requirements to technical and non‑technical stakeholders. Organization – Ability to manage job functions proactively with maximum efficiency and results. Attention to Detail – Ability to perform job functions thoroughly with outcomes that align with business needs. Project Management – Ability to define project targets and coordinate resources for successful execution. Relationships – Ability to develop professional relationships and lead discussions that foster collaboration on cyber security initiatives. Attendance and Punctuality
Employees will follow the work schedule assigned and must comply with the attendance and established punctuality requirements. Maintaining regular attendance and punctuality is crucial for this position. Understanding the importance of attendance and showing up for the job every day lays the foundation for our success as a team and your successful career. Key Qualifications
Bachelor’s degree in Information Security, Business Information Systems or related field preferred. 14 years of experience in GRC cybersecurity audit or risk management (depending on level). Experience with GRC tools (e.g., ServiceNow, GRC Archer, OneTrust, LogicGate, Drata, Vanta). Strong organizational and time management skills. Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint) and video conferencing tools. Excellent verbal and written communication skills. Strong understanding of risk management principles and compliance frameworks. Excellent analytical documentation and report‑writing capabilities. Ability to work cross‑functionally and communicate with both technical and non‑technical stakeholders. Strong organizational skills and attention to detail. Familiarity with security concepts (identity management, access controls, network security, etc.). DEI Competencies
Diversity, equity and inclusion as a leadership competency is a measure of success within NET. Cultural Competence
Understand multiple frameworks, values and norms. Demonstrates an ability to flex style when faced with myriad dimensions of culture to be effective across cultural contexts. Negotiation – Negotiates and facilitates cultural differences, conflicts, tensions or misunderstandings. Judgement – Can discern when to inquire, advocate, drive or resolve more decisively. Continuous learning – Commits to continuous learning / improvement in diversity, inclusion and cultural competence. Corporate communications – Acknowledge and address possible unfavorable impact. Corporate Social Responsibility – Influences media and marketplace via communication and community outreach to competitively position the organization. Brand Management – Identifies partners and leverages relationships with key external diverse suppliers, organizations and customers to: Enhance the supply chain, increase market share, revenues and loyalty. External Market Knowledge – Understands and is current on global and local trends / changes and how they inform and influence D&I. Supplier Diversity – Identifies partners and leverages relationships with key external diverse suppliers, organizations and customers to: Enhance the supply chain, increase market share, revenues and loyalty. North End Teleservices is an equal‑opportunity employer and is committed to diversity in its workforce. North End Teleservices recruits qualified applicants without regard to characteristics such as race, color, national origin, religion, gender, gender identity, sexual orientation, disability, veteran status, age, marital status, citizenship status or any other status protected by law. Required Experience: IC Employment Type: Full‑Time Experience: years Vacancy: 1
#J-18808-Ljbffr
The North End Teleservices GRC Analyst optimizes the organization’s cybersecurity posture via governance risk and compliance (GRC) activities. The position ensures that the organization operates within regulatory requirements, manages risks effectively and follows internal governance policies while performing certain functions to analyze audit and manage systems and processes intended to align the organization with cyber security standards such as NIST and other similar frameworks as mandated by the business. The role is a hands‑on function that performs work related to controls and objectives while helping to establish and enforce company policies, security frameworks and best practices that align with business goals and industry standards. The role also includes the identification, assessment and mitigation of risks related to cybersecurity, data protection and operational processes. Key Responsibilities
Development alignment maintenance and regular audit of policies related to cyber security and risk including:
Information Security Policy (annual review) Business Continuity Plan (annual review) Disaster Recovery Plan (annual review) Incident Response Plan (annual review) Risk Management Program (annual review) Acceptable Use Policies (annual review) Removable Media Policy (annual review) Technology Control Plan (annual review) Security Awareness and Training Policy (annual review) Media Marking and Handling Policy (annual review) AI Policy (annual review) Other policies as assigned
Access Control Procedure
Operational Change Management Procedure Network Access Management Procedure Log Management Procedure Other procedures as assigned
Management execution and follow‑up related to recurring functions as assigned including:
Security Awareness Training campaigns (quarterly) Vulnerability Assessments reviews (monthly) Log Management procedures (weekly) Risk Register meetings (quarterly) Tabletop exercises (annually) Active network user audits (monthly) Approved application audits (annually) Review of employee cybersecurity training / acknowledgement program (annually) Public‑facing Resources Audit (annually) Security Controls Assessment (annually) User Access Review (annually) Power continuity review (annually) All aspects of Risk Management Program (as needed) Other functions as assigned (as needed) Execution of ad hoc cybersecurity tasks as needed
Routine maintenance of policies and procedures in line with business changes Response to cybersecurity incidents related logging forensics and action Review of CISA alerts and associated Risk Register updates Cybersecurity projects as assigned Cybersecurity partnership management and optimization Operational Change Management review discussions and form completion as needed Periodic cybersecurity training for team members Meetings and related follow‑up Cybersecurity support for customer inquiries and sales opportunities Other tasks as assigned Management of certain platform software and documentation as assigned including:
Security Awareness Training Platform Password Vault Platform Section 508 Accessibility Platform Other platforms as assigned
Governance Risk and Compliance documentation Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Duties, responsibilities and activities may change at any time with or without notice. Technical Skills
Knowledge of Security Frameworks & Regulations; Understanding of ISO 27001, NIST 800‑X, CMMC, SOC 2, HIPAA, PCI DSS and GDPR. Risk Management – Ability to conduct risk assessments, identify vulnerabilities and implement mitigation strategies. Compliance Auditing – Experience with internal / external audits, compliance reporting and policy documentation. GRC Tools & Platforms – Familiarity with cyber security tools related to functions such as security awareness training, log management, vulnerability assessment and other functions. Security & IT Fundamentals – Understanding of cybersecurity principles, cloud security (AWS, Azure, GCP) and identity & access management (IAM). Analytical & Problem‑Solving Skills
Risk Analysis – Ability to evaluate threats, vulnerabilities and business impact. Data Interpretation – Analyzing compliance reports, audit findings and security metrics to improve risk posture. Soft Skills
Communication & Reporting – Ability to explain complex compliance requirements to technical and non‑technical stakeholders. Organization – Ability to manage job functions proactively with maximum efficiency and results. Attention to Detail – Ability to perform job functions thoroughly with outcomes that align with business needs. Project Management – Ability to define project targets and coordinate resources for successful execution. Relationships – Ability to develop professional relationships and lead discussions that foster collaboration on cyber security initiatives. Attendance and Punctuality
Employees will follow the work schedule assigned and must comply with the attendance and established punctuality requirements. Maintaining regular attendance and punctuality is crucial for this position. Understanding the importance of attendance and showing up for the job every day lays the foundation for our success as a team and your successful career. Key Qualifications
Bachelor’s degree in Information Security, Business Information Systems or related field preferred. 14 years of experience in GRC cybersecurity audit or risk management (depending on level). Experience with GRC tools (e.g., ServiceNow, GRC Archer, OneTrust, LogicGate, Drata, Vanta). Strong organizational and time management skills. Proficiency with Microsoft Office Suite (Word, Excel, PowerPoint) and video conferencing tools. Excellent verbal and written communication skills. Strong understanding of risk management principles and compliance frameworks. Excellent analytical documentation and report‑writing capabilities. Ability to work cross‑functionally and communicate with both technical and non‑technical stakeholders. Strong organizational skills and attention to detail. Familiarity with security concepts (identity management, access controls, network security, etc.). DEI Competencies
Diversity, equity and inclusion as a leadership competency is a measure of success within NET. Cultural Competence
Understand multiple frameworks, values and norms. Demonstrates an ability to flex style when faced with myriad dimensions of culture to be effective across cultural contexts. Negotiation – Negotiates and facilitates cultural differences, conflicts, tensions or misunderstandings. Judgement – Can discern when to inquire, advocate, drive or resolve more decisively. Continuous learning – Commits to continuous learning / improvement in diversity, inclusion and cultural competence. Corporate communications – Acknowledge and address possible unfavorable impact. Corporate Social Responsibility – Influences media and marketplace via communication and community outreach to competitively position the organization. Brand Management – Identifies partners and leverages relationships with key external diverse suppliers, organizations and customers to: Enhance the supply chain, increase market share, revenues and loyalty. External Market Knowledge – Understands and is current on global and local trends / changes and how they inform and influence D&I. Supplier Diversity – Identifies partners and leverages relationships with key external diverse suppliers, organizations and customers to: Enhance the supply chain, increase market share, revenues and loyalty. North End Teleservices is an equal‑opportunity employer and is committed to diversity in its workforce. North End Teleservices recruits qualified applicants without regard to characteristics such as race, color, national origin, religion, gender, gender identity, sexual orientation, disability, veteran status, age, marital status, citizenship status or any other status protected by law. Required Experience: IC Employment Type: Full‑Time Experience: years Vacancy: 1
#J-18808-Ljbffr