Job Description
Title: Senior Cybersecurity GRC Analyst
Location: San Jose, CA (Onsite)
Duration: 6+ Months
Rate Range: $85/hr to $95/hr on W-2
Requirements:
- Experience: Minimum 10 years of experience managing cybersecurity compliance programs from inception to completion.
- Framework Proficiency: Expert knowledge of industry-standard frameworks (e.g., ISO 27001, CIS Controls v8.1, NIST SP 800-53, NIST SP 800-171, CMMC, FedRAMP).
- Analytical Skills: Strong analytical thinking with the ability to prioritize complex tasks within a fast-paced, evolving environment.
- Security Knowledge: A strong foundation in IT security concepts, with a heavy emphasis on security risk assessment.
- Certifications: Relevant professional certifications such as CISSP, CISM, or CISA.
Description:
- Governance & Compliance Leadership:
  - Develop and manage the overarching compliance program to ensure alignment with industry frameworks and attestation standards (e.g., SOC 2, NIST SP 800-171, ISO 27001, NIST SP 800-53).
  - Partner with IT Security Operations to ensure security controls are properly designed, implemented, and operating effectively.
- Risk Management & Assessment:
  - Lead comprehensive cybersecurity risk assessments across the enterprise, identifying vulnerabilities and recommending prioritized mitigation strategies.
- Identity & Access Governance:
  - Oversee and collaborate with stakeholders to execute quarterly user access reviews (UAR) and monthly user activity monitoring.
- Third-Party Risk Management (TPRM):
  - Own and maintain third-party risk management evaluation practices, ensuring vendors are vetted against corporate security standards to mitigate supply-chain risk.
- Policy & Process Engineering:
  - Author, maintain, and update information security policies and Standard Operating Procedures (SOPs) to ensure alignment with evolving industry standards.
