Sr. Analyst, Cybersecurity Governance, Risk & Compliance

Senior Analyst, Cyber Security Governance, Risk & Compliance

Location: Chicago, IL

Position Summary:

We are seeking a seasoned Cyber Security GRC Senior Analyst to contribute to the development and enhancement of our cyber security GRC program. You will collaborate closely with the Chief Information Security Officer (CISO) and play a vital role in our cyber security team.

Responsibilities:

• Develop, refine, and implement enterprise-wide cyber security policies, standards, and controls to manage risks and ensure compliance with relevant regulations.
• Establish and execute a robust cyber security risk management program, identifying risks, providing mitigation recommendations, and collaborating with stakeholders to implement controls.
• Maintain a cyber security risk register and collaborate with stakeholders to develop action plans for risk mitigation.
• Conduct ongoing compliance reviews in alignment with security policies, regulations (SOX, GDPR), and frameworks (NIST CSF, MITRE, PCI-DSS), working closely with IT and business units.
• Design and implement security training and awareness initiatives.
• Collaborate on data classification efforts and develop and operationalize a data loss prevention program.
• Participate in incident response exercises, business continuity planning, penetration testing, and compliance activities, tracking progress on remediation efforts.
• Stay informed about emerging cyber security threats and provide guidance to stakeholders on response strategies.
• Develop and maintain key performance indicators (KPIs) and key risk indicators (KRIs) for the cyber security program.
• Manage security projects and tasks as assigned by management within the cyber security team.

Qualifications:

• Minimum of 3 years of hands-on experience in cyber security GRC.
• Bachelor’s Degree or higher in an Information Technology discipline; equivalent combination of education and experience considered.
• Preferred professional certifications: CRISC, CISM, CGEIT, GRCP.
• Proficiency in industry frameworks such as NIST, ISO, MITRE, OWASP, PCI-DSS, SOX.
• Thorough understanding of data privacy regulations like CCPA, GDPR.
• Experience conducting cyber security risk assessments.
• Ability to translate technical language into business risks effectively.
• Strong analytical and problem-solving skills.
• Excellent verbal and written communication skills, with the ability to collaborate effectively with stakeholders.
• Demonstrated ability to deliver results in a fast-paced environment with shifting priorities.
• Passion for cyber security.

Core Competencies:

• Action Orientation
• Drive for Results
• Business Acumen
• Problem Solving
• Risk Management

Success Measures:

• Within ninety (90) days:
  • Initiate assessment and documentation of cyber security risks.
  • Begin establishing relationships with stakeholders across the enterprise.
• Within six (6) months:
  • Establish a cyber risk management program to address enterprise and third-party risks.
  • Develop cyber security policies and standards.
  • Commence establishment of a cyber security compliance program.
• Within one (1) year:
  • Effectively track cyber security risks and collaborate with stakeholders on remediation efforts.
  • Establish and report on KPIs and KRIs.