Senior Analyst, Cybersecurity Governance Risk & Compliance
71 S Wacker Dr Suite 4500 Chicago, IL 60606 US
Job Description
The Senior Analyst for Cybersecurity Governance, Risk & Compliance will oversee the completion of compliance-related requests from clients aimed at evaluating security policies and procedures. This role involves responding to inquiries regarding security controls, processes, and procedures for systems and applications managed by the organization, as well as supporting Third Party Risk Management (TPRM) and Governance & Risk functions in conducting vendor due diligence (initial assessments, reassessments, and ongoing monitoring). The Senior Analyst will also contribute to broader Governance, Risk, and Compliance (GRC) efforts. This position requires excellent communication skills, initiative, strong attention to detail, and the ability to quickly learn new concepts.
Key responsibilities include:
- Review and gain a thorough understanding of the organization's IT Risk Management (ITRM) framework, including associated policies, standards, procedures, and processes.
- Develop a solid understanding of the organization's control structure to help create or revise standard responses for client questionnaires (e.g., SIG).
- Respond to compliance-related requests, including those submitted through web-based sharing platforms, referencing relevant evidence or documentation.
- Complete external security assessments, support remediation efforts, and track progress of assessment queues.
- Work with external assessors and internal experts to resolve compliance inquiries and share security artifacts.
- Assist in refining the process for completing information security control assessments.
- Support the measurement and reporting of the Information Security Program’s effectiveness by analyzing security control measures.
- Track the status of findings from information security assessments, Governance, Risk & Compliance, and TPRM due diligence/reassessment, and associated remediation efforts.
- Contribute to the development of GRC-related processes, procedures, and documentation.
- Collaborate with the CISO, senior managers, and other stakeholders to report on the current information security program and ongoing projects addressing security risks and compliance.
- Manage competing deadlines and handle multiple external inquiries, demonstrating organizational skills and attention to detail.
- Participate in efforts to evolve and streamline GRC solutions, processes, and procedures.
- Work with Information Security, Privacy, and GRC management, and internal subject matter experts to help coordinate, track, and report on GRC team goals and strategies.
- Perform additional duties as needed.
The Senior Analyst is expected to demonstrate the following skills and qualifications:
- Strong understanding of various risk management frameworks and standards, including CSC, NIST, ISO, and COBIT.
- Experience with the NIST Cybersecurity Framework and auditing controls within NIST SP 800-171 and NIST SP 800-53A.
- Experience collaborating with internal and external auditing firms.
- In-depth knowledge of information security concepts and technologies.
- Proficiency with MS Outlook, Word, Excel, Visio, and PowerPoint.
- Excellent communication skills with the ability to interact with multiple teams, including administrative and legal departments.
- Experience in analyzing IT and security control requirements and understanding associated technological processes.
- Strong knowledge of due diligence and compliance documentation such as SOC 2 Type II reports, ISO 27001 certification, SIG questionnaires, certificates of insurance, penetration test reports, etc.
Required qualifications:
- A Bachelor’s degree.
- At least 5 years of combined experience in information technology and information security.