Job Details
Looking for a home in an unstable job market?
If so... I have an opportunity you might be interested in. I am hiring a hybrid, FTE Jr. GRC Analyst in Phoenix with a company that boasts an average employee tenure of 10 years and offers significant opportunities to grow from within.
***This position is only considering individuals local to Phoenix
Position Overview:
Cyber Risk Management:
- Assists with the collection, analysis, and presentation of cybersecurity program performance metrics and key risk indicators (KRIs).
- With guidance, conducts regular assessments of cyber risks within applications, platforms, and processes.
- Documents and monitors mitigation strategies and risk management plans.
- Actively participates in third-party risk management by assessing the security posture of external vendors and partners.
PCI, SOX, and Privacy Compliance:
- Supports cross-functional teams in the implementation of regulatory and PCI-DSS controls.
- Processes privacy-related data subject access requests.
- Monitors compliance and reports effectiveness.
- Performs periodic gap assessments to validate compliance.
- Assists in managing action plans in response to audit discoveries.
Policies/Standards/Controls:
- Maintains cybersecurity policies, standards, and guidelines.
- Monitors compliance with cybersecurity control framework.
- Communicates policies to relevant stakeholders.
Security Awareness:
- With guidance, develops security awareness training programs and materials.
- Plans and executes cybersecurity awareness events and communication campaigns.
- Organizes and delivers training sessions to employees on security policies and best practices.
- Monitors and reports on the effectiveness of security awareness initiatives.
Qualifications:
- Minimum 2 (max 4) years of work experience in a cybersecurity or technical risk analysis role.
- Working knowledge of cybersecurity control frameworks (NIST CSF preferred), PCI-DSS, and SOX.
- Exceptional written and verbal communication skills that can be adjusted to relevant audiences.
- Analytic and problem-solving skills.
- Bachelor's degree in Cybersecurity or a related field, or a combination of related education and work experience in an Information Security role to equal 4 years.
- NIST CSF experience
- ISP 20000 OR ISP 20009 cert
- Email Phishing Campaigns
- Ability to communicate at a high level
- Ability to write email/newsletters effectively and competently
- Microsoft Office