GRC Analyst

Position Summary:

The Security GRC Analyst is focused on ensuring Pax8’s security incident response is coordinated documented and messaged with key stakeholders. They oversee the delivery of an up-to-date incident response plan execution of IR tabletop exercise and day-to-day coordination of any security related incidents that require leadership involvement. Additionally the Analyst supports the maturity efforts of the third-party risk management security program. Third party risk program focuses on internal supplier and vendor marketplace security risk reviews and assurance efforts.  They are a key member of the Trust and Security team providing guidance and direction to security professionals and collaborating with other departments across the organization.

Essential Responsibilities:

• Manage inquiries and requests related to incident response through cross-functional team coordination.

• Oversee execution of incident response tabletop exercises.

• Participate in security program improvements and tool selection efforts aligned with the security incident response and resilience.

• Develop and maintain security procedures for incident management and response by defining and documenting security best practices for managing an incident management process.

• Stay up-to-date on industry trends and best practices by continuously learning and adapting the security program to address evolving threats.

• Collaborate with other departments by partnering with IT engineering legal data management office HR and other departments to ensure security considerations are integrated into all business processes.

• Measure and report on security performance by tracking key metrics (KPIs/KRIs) identifying areas for improvement and reporting to the GRC leader and other stakeholders.

• Collaborate on building out an improved third-party risk management program that supports risk reviews of our internal suppliers and marketplace vendors.

• Perform risk assessments on third parties track security risks and promote strong compliance practices.

Ideal Skills Experience and Competencies:

• At least three (3) years of experience in IT security role with incident management or response related experience.

• Proven experience in resilience and security incident response efforts (e.g. understand asset criticality data classification business impact key stakeholder engagement and strong cross-functional communications).

• Understanding of public cloud deployments and associated security risks and controls.

• Experience working in a Zero Trust focused security program.

• Strong understanding of security best practices and frameworks (e.g. MITRE ATT&CK NIST Cybersecurity Framework ISO 27001:2022 and SOC2 audit efforts).

• Excellent communication interpersonal and leadership skills.

Recommended Education & Certifications:

• B.A./B.S. in a related field or equivalent work experience.

• Risk Focused Certifications such as CISA CRISC CISSP is a plus

Compensation:

• Qualified candidates can expect a salary beginning at $76000 or more depending on experience

Expected Closing Date: 09/20/24

#LI-Remote #LI-AG1 #BI-Remote #DICE-A