GRC Analyst

BridgeView


Job Reference: 9965

Bridgeview is currently seeking a GRC Analyst for one of our clients. If you love building and supporting technology solutions that make businesses successful, then read on for more details.  

TITLE: GRC Analyst
LOCATION: Denver, CO – Hybrid (onsite 1 day every 2 weeks)
COMPENSATION: $40-45/hr
BENEFITS & PERKS: Medical, Dental & Vision insurance; 4% match on 401K, Life & LTD Insurance, and Employee Perks (more detail below) 

OVERVIEW 
The IT Governance, Risk, & Compliance (GRC) Analyst supports the technology risk management program, providing risk oversight to the technology and cybersecurity teams. The GRC Analyst will play a key role in the success of the airline by aligning security initiatives with enterprise programs and business objectives, ensuring that information assets and technologies are adequately protected. The IT GRC Analyst will support risk management initiatives to ensure regulatory alignment with PCI, SOX, and data protection standards/regulations. The analyst will plan and implement policies, procedures, standards, and controls to govern the protection of corporate information systems, networks, and data. The analyst will have a background in cybersecurity to make an impact on the company’s security program and services. The candidate will have basic experience with various Information Security concepts including data governance, risk management, metrics, audit, policy, and standards development. The analyst will have a unique opportunity to partner with departments across the organization, including cybersecurity, IT, Legal, HR, Internal Audit, Finance, and other business teams.

HOW YOU WILL MAKE AN IMPACT 

  • Partner with Finance, Accounting, and Internal Controls teams to understand our processes and how technology controls fit into those processes.
  • Collaborate with the IT/Cybersecurity team members, application owners, control owners, and stakeholders to achieve successful results and ensure testability.
  • Act as liaison with internal and external auditors for SOX and PCI audits, facilitating meetings, walkthroughs, and discussion of remediation activities for identified deficiencies.
  • Support control activity functions related to User Access Reviews, Privileged User Reviews, and Password Parameter reviews.
  • Assist in conducting internal cybersecurity audits, producing reports with recommendations for remediation and improvement.
  • Support development and implementation of security policies, procedures, and documented security controls.
  • Maintain a PCI/SOX control database, inventorying control ownership, control objectives, and testing objectives.
  • Support cybersecurity-related document request lists and responses to complementary user entity controls.
  • Support and drive remediation processes to address issues identified in security assessments, control reviews, audits, and/or other assessments.
  • Support key operations of due diligence, on-going monitoring, and risk exception/waiver management.
  • Provide guidance for company projects, including the evaluation and recommendation of technical controls.
  • Support the delivery of risk metrics that measure overall cybersecurity risk exposure, and work with key stakeholders to define target thresholds, and report on results.
  • Assist in developing and maintaining Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for the Cybersecurity and Data Governance program initiatives.
  • Support the execution of data loss prevention initiatives; fostering collaboration with departments across the organization on privacy and data protection matters.
  • Mature the Data Loss Prevention Program by defining DLP rulesets in existing tools such as Varonis, and review outputs to determine the appropriate action required.
  • Support M&A activities, ensuring that appropriate information security due diligence reviews are performed, risks identified, and mitigation plans are enacted with the appropriate teams.
  • Demonstrate and apply knowledge of privacy and data protection regulation and laws to the environment, such as the CCPA, GDPR, CPRA, HIPAA, GLBA, and CDPA.
  • Support the execution of the general data privacy assessment processes (including third-party assessments), internal control reviews, and risk assessments to monitor compliance with information security policies and standards.
  • Assist with maturing the Data Governance Program which includes defining a Data Classification and Handling Program, identifying Data Owners, and assisting with the design and implementation of a Data Classification and Rights Management tool.
  • Support development and dissemination of cybersecurity training and awareness for organizational users, administrators, and developers.
  • Assist in the management and maintenance of the enterprise-wide IS Security Awareness Program, which includes phishing simulations, computer-based training, proactive communications on the latest threats, workshops, and newsletters.
  • Translate security and compliance requirements into actionable tasks for control owners to execute.
  • Support the performance of the third-party vendor risk management process, to ensure vendor systems/applications comply with corporate policies, applicable regulatory/legal requirements, and leading industry practices.
  • Support controls required pre-contracting with vendors, contractors, and/or suppliers, as well as post-contract from an ongoing monitoring perspective.
  • Perform assessments on our third parties, aimed at reducing organizational risk from an Information Security perspective.
  • Support the delivery of relevant and actionable reporting/presentations to stakeholders and executive management.
  • Monitor and review regulatory updates and issues relative to pertinent security regulatory requirements (such as GDPR, PCI, or SOX) and escalate findings appropriately.
EXPERIENCE REQUIRED
  • Bachelor’s degree required in either: Business, Finance, Computer Science, Engineering, IT, or similar field.
  • 2+ years’ experience in vendor risk management, IT risk management, and/or data privacy role.
  • 2+ years’ experience working in a GRC analyst, IT audit, IT compliance, and/or controls assurance role.
  • Ability to develop policies, standards, and procedures in compliance with laws, regulations, and industry standards in support of organizational cyber activities.
  • Skill in administrative planning activities, including preparation of functional and specific support plans, preparing and managing correspondence, and staffing procedures.
  • Experience with risk management as it relates to Information Security.
  • Experience with security audits.
  • Experience in controls testing in line with SOX frameworks.
  • Experience developing cybersecurity and IT controls, policies, and procedures.
  • Proficient in developing and maintaining policies, standards, and guidance artifacts.
  • Experience identifying, tracking, reporting and remediating IT/Cyber procedural and technical risk.
  • Strong understanding of implementing effective control and/or mitigation options to manage security risks.
  • Display a working knowledge of SOX IT General Controls (ITGC) requirements.
  • Proven ability to plan and execute ITGC testing and subsequent status reporting.
  • Knowledge of industry frameworks, regulations, or contractual rules such as PCI-DSS, HIPAA, NIST, ISO, ITIL, GDPR, COSO, COBIT, and SOC 1/2.
  • Proficient in Microsoft Office suite of applications (Word, Excel, PowerPoint, Access, SharePoint, etc.).
PREFERRED
  • Experience with the airline industry a plus.
  • Hold an active GRC certification, such as CISSP, CISA, CISM, CRISC, CRMA, or GIAC.
  • Big-4 accounting firm experience is a plus.
ABOUT BRIDGEVIEW
Founded in 2005, BridgeView provides exceptional technology consulting, project augmentation, and placement services that help organizations and technologists achieve their goals. Our ability to evolve with the market and quickly adapt to client environments makes us a unique alternative to the status quo. It’s why we’ve achieved constant growth since the day we opened our doors, attracting well-known companies and expert talent. With a home base in downtown Denver and a team that embodies a work hard, play hard attitude, BridgeView is a personable but professional partner to you. We’ve won awards and we’ve had great success, but nothing is more rewarding than forming genuine connections with business leaders and technologists.

Apply for the above role or sign up for job alerts at https://www.bridgeviewit.com/job-alerts/. 

BENEFITS 

  • Medical: Provided by Anthem BCBS 
  • Dental: Provided by Guardian PPO 
  • Vision: Provided by VSP/Guardian PPO 
  • 401K with 4% match that is 100% vested from start  
  • Voluntary Benefits: Accident Insurance, Accidental Death & Dismemberment (AD&D), Short-Term Disability, Life Insurance, Critical Illness 
  • Employee Perks, Personal Discounts: Full access to the Calm app, great discounts through thousands of vendors (Home Depot, AT&T, Target, etc.) 
Michelle.Kirkpatrick