Central Hudson
Information Security GRC Analyst
Central Hudson, Poughkeepsie, New York, United States, 12601
An Information Security GRC Analyst is a detail-oriented and proactive individual who supports the management of our information security governance, risk, and compliance programs. This role plays a critical part in maintaining regulatory alignment, reducing operational risk, and maturing our control environment. The ideal candidate is a systems thinker who can translate security frameworks into actionable, trackable work while collaborating across departments to improve organizational resilience.

What does an Information Security GRC Analyst do?

- Supports the development, implementation, and maintenance of information security policies, standards, and procedures
- Assists in maintaining and operationalizing the enterprise risk register, including control gap identification and remediation tracking
- Facilitates risk assessments, control evaluations, and mitigation planning across business and technology functions
- Monitors compliance with internal policies and external regulatory frameworks such as NIST 800-53, NIST CSF, ISO 27001, SOX, and NERC CIP
- Supports third-party risk management processes, including vendor assessments, documentation collection, and due diligence reviews
- Participates in audits, security assessments, and incident response activities as needed
- Generates reports and dashboards that communicate risk posture, control effectiveness, and compliance metrics to stakeholders
- Collaborates with IT, Legal, and Business teams to ensure alignment of information security practices with enterprise risk tolerance
- Tracks changes in regulations and assists with mapping compliance requirements to internal controls
- Provides support for storm restoration efforts

What does it take to be an Information Security GRC Analyst?

Required:

- Bachelor's degree in Cybersecurity, Information Systems, Business, or a related field and experience in cybersecurity, compliance, risk management, or audit; or an Associate's degree in the aforementioned fields and at least 3+ years of cybersecurity, compliance, risk management, or audit experience. In lieu of a degree, a high school diploma or equivalency and 5+ years of cybersecurity, compliance, risk management, or audit experience will be considered.
- Familiarity with security frameworks and regulatory requirements (e.g., NIST, ISO, SOC 2, SOX, CIS Controls)
- Strong analytical skills with the ability to assess complex systems and identify risk
- Experience documenting processes, policies, or technical findings clearly and concisely
- Ability to manage competing priorities and communicate effectively with technical and non-technical stakeholders
- Valid driver's license

Preferred:

- Experience with GRC tools (e.g., Archer, ServiceNow GRC, LogicGate, OneTrust)
- Experience supporting third-party risk management or vendor security reviews
- Industry experience in utilities, energy, or critical infrastructure
- Certifications such as Security+, CGRC, CRISC, or GRCP

Applications will be accepted until August 12, 2025.

This position has a career path which allows for advancement opportunities within a job series. The title and level are commensurate with experience.

Pay range: $71,900 - $168,700.

All qualified applicants will receive consideration for employment and will not be discriminated against on the basis of race, creed, color, ethnicity, arrest or conviction record, religion, sex, sexual orientation, gender identity or expression, national origin, age, disability, citizenship, genetic information, familial status, marital status, pregnancy-related condition, domestic violence victim status, veteran or military status, or any other characteristic protected by federal, state or local laws. Central Hudson Gas & Electric Corporation takes affirmative action in support of its policy to employ and advance employment in individuals who are protected veterans and individuals with disabilities. VEVRAA FEDERAL CONTRACTOR