Job Description

Senior IT GRC Policy Analyst

The Senior IT Policy Analyst works to provide IT policies aligned with NIST security controls for the Company. This position will helm all policy work including tracking and updating current policies, managing policy exceptions, and providing metrics and reporting on policy work. This position will also manage the cybersecurity awareness training program which includes annual training, phishing training, and specialty training for specific groups within the Company.

Responsibilites:

• Oversee and manage all policies including revisions
• Develop and manage the policy exception process including metrics and reporting
• Coordinate with key stakeholders on policies and standards across the Company
• Research and evaluate policies to ensure they are current and follow all applicable laws, regulations, and guidelines
• Identify and implement GRC security controls based on the NIST framework
• Manage the cybersecurity awareness program including annual training, phishing training, and special group training
• Collaborate within the GRC team on larger GRC projects around risk analysis and compliance requirements

Preferred Skills:

• 3-to-5 years experience working with NIST Cybersecurity Framework, and familiarity with NIST 800-53 Rev. 5
• 3-to-5 years experience managing a policy program including updating current policies, tracking exceptions, and developing and reporting out metrics
• 3 -to-5 years experience working with security content platforms and developing curricula for cybersecurity training

Job Tags

Similar Jobs