Our client is seeking a new member for their GRC team to join in a long-term contract capacity. The position will be onsite initially in Arlington, TX, but can move to a hybrid schedule once the analyst is familiar with the environment.
Position Overview:
The IT Risk Assessment & Compliance Analyst plays a crucial role in evaluating and strengthening the organization’s IT risk management, security, and compliance efforts. This individual will perform risk assessments across various IT systems, ensuring adherence to regulatory standards and best practices. The analyst will leverage key frameworks to identify and mitigate risks and must possess strong analytical, technical, and interpersonal skills to drive effective IT compliance and security across departments.
Key Responsibilities:
- Conduct IT risk assessments using frameworks such as NIST Cybersecurity Framework, NIST 800-53, ISO 27001, and CIS Critical Security Controls to evaluate system vulnerabilities and control deficiencies.
- Identify potential threats, quantify risk exposure (impact and likelihood), and recommend mitigations in line with the organization's risk response plans.
- Complete assessments with a focus on the following areas:
  - Identity & Access Management
  - Application, Database, & Network Access Controls
  - IT General Controls
  - Data Security & Privacy
  - Third-Party (Vendor) Risk Management
  - IT Regulatory Compliance
- Coordinate with departments to support risk assessment and compliance initiatives, providing guidance and collaboration to achieve security objectives.
- Develop and maintain documentation for risk assessments, compliance reports, and recommendations for risk treatment.
Technical & Software Skills:
- Advanced proficiency in Microsoft Office 365 applications (Word, Excel, Visio, PowerPoint) for documentation, data analysis, and communication.
- Skilled in collaboration tools like Microsoft Teams, OneDrive, and SharePoint for team coordination and document sharing.
- Proficient in Excel functions, including PivotTables, and experience with Power BI for dynamic reporting.
- Experience with Power Automate to automate tasks and enhance team productivity.
- Strong understanding of Office 365 security features to manage and protect sensitive information.
Interpersonal & Communication Skills:
- Excellent interpersonal skills for effective collaboration with various departments to address IT security risks.
- Ability to explain technical concepts clearly to non-technical audiences and document assessments and recommendations effectively.
- Strong problem-solving skills to identify and resolve risks, and to develop efficient mitigation strategies.
- Team-oriented with the ability to work collaboratively to support organizational goals and ensure all compliance measures are met.
Qualifications:
- Bachelor's degree
- Experience with IT risk assessment frameworks and methodologies.
- Advanced knowledge of Microsoft Office 365 applications.
- Strong communication, problem-solving, and collaboration skills.