Detalle de la Oferta

Descripción de la Oferta

Resumen

What’s the role

The Information Security GRC Analyst will support cybersecurity compliance and risk program initiatives. Reporting to the Senior Manager of Information Security GRC, this person will work closely with IT, Information Security, and key business stakeholders to support critical risk management processes and company certifications.

We are looking for an energetic, self-motivated individual to join our growing GRC Team. You will play a pivotal role in ensuring our company adheres to key regulatory and industry compliance requirements. You will help enhance our information security posture and compliance framework. This position involves leading teams that support audit activities and working closely with different stakeholders to maintain and improve our compliance and security standards.

Responsabilidades

What you’ll do

- Deliver and/or lead technology and security audits across LLA markets, participating in all stages of the audit from planning, execution, reporting and follow-up. It is important to be able to deliver projects on time, within budget.
- Fully understand and communicate the impact of audit findings, including root cause analysis. As technology and security can be complex, being able to communicate complex technical issues and ideas in simple terms is highly valued.
- Make value-added recommendations to the business to improve controls, processes, and overall governance.
- Engage with stakeholders to obtain a comprehensive understanding of the business under review and the implications for audit.
- Drive GRC tool adoption and support tool management.
- Build trust and credibility with technology stakeholders throughout the audit process.
- Maintain audit documentation in accordance with LLA audit methodology.
- Implements security controls, risk assessment framework, and program that aligns to all relevant laws and regulatory requirements, ensuring documented and sustainable compliance that aligns with LLA objectives.
- Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves LLA security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.
- Update security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS) as applicable.
- Assists other staff in the management and oversight of security program functions.
- Remains current on best practices and technological advancements and acts as the organizations’ resource for security assessment and regulatory compliance.
- Maintains knowledge of applicable rules, regulations, policies, laws, and guidelines that may impact any LLA locations.
- Additionally, the successful candidate will have good experience conducting technical control assessments of information security controls and processes within data center and cloud environments.

Calificaciones

Required Education / Qualifications

- Bachelor or Graduate degree in a cybersecurity, information systems, or related field
- Equivalent Education and/or Experience - May have an equivalent combination of education and/or experience in lieu of specific education and/or experience as stated above.
- Industry related certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor certification.

Required Experience:

- 5 years’ experience in a cybersecurity, audit, risk, compliance, or GRC role required.
- Working knowledge of common security and privacy frameworks and regulation (e.g. ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS, COBIT, and ITIL)
- Experience performing or supporting audit for ISO 27001 (Information Security), ISO 22301 (Business Continuity), ISO 9001