Information Security GRC Analyst
Employment Type: Contract
Location: Dallas, TX (Hybrid – 2 days onsite per week)
Compensation: $43 - $57/hour
Contract Duration: 3 to 4 months, with potential for assessment and future permanent conversion
Job Summary
We seek an experienced Information Security GRC Analyst to develop, implement, and operationalize Information Security governance and risk management functions. This role ensures compliance with security controls, regulatory and legal requirements, and institutional policies. The ideal candidate will have strong communication skills to interact effectively with stakeholders and experience in large organizations, ideally with over 20,000 employees.
Essential Functions
- Risk Management: Implement established risk frameworks for the Information Security program.
- Risk Assessments: Lead and operationalize formal security risk assessment frameworks for third-party vendor risk, technology procurement, and internal security controls. Execute strategic projects to mature the program.
- Audit & Compliance: Track audit findings, coordinate audit deliverables, and ensure audit compliance with established frameworks and standards.
- Metrics and Reporting: Develop metrics and KPIs for program maturity and executive-level reporting.
- Program Governance: Assist in creating and managing the governance structure for the Information Security Program.
- Collaboration: Work with various departments, third-party vendors, and business partners to identify risks and maintain compliance.
- Project Support: Participate in Information Security projects, keeping up to date with regulatory changes and modern security controls.
- Documentation: Ensure all processes and procedures are well-documented to support audit and compliance efforts.
Qualifications
- Education: Bachelor’s Degree in computer science, information technology, or related field.
Experience:
- Minimum of 8 years in progressively responsible technology governance roles.
- Extensive experience with compliance frameworks such as GDPR, HIPAA, PCI DSS, NIST, ISO/IEC.
Skills:
- Strong attention to detail and decision-making skills.
- Effective facilitation, organization, negotiation, consultation, and communication.
- Knowledge of best practices in information security standards.
- Ability to develop productive relationships across project teams and workgroups.
Communication: Must be highly articulate and capable of communicating effectively with both technical and non-technical stakeholders.