Cyber Security Governance, Risk, and Compliance Analyst

Company Description

J.S. Held is a global consulting firm that combines technical, scientific, financial, and strategic expertise to advise clients seeking to realize value and mitigate risk. Our professionals serve as trusted advisors to organizations facing high-stakes matters demanding urgent attention, staunch integrity, proven experience, clear-cut analysis, and an understanding of both tangible and intangible assets. The firm provides a comprehensive suite of services, products, and data that enable clients to navigate complex, contentious, and often catastrophic situations.

Job Description

The Cyber Security Governance, Risk, and Compliance Analyst will support the Cyber Security team to drive the design, implementation, and ongoing delivery of:

- Formal Cyber Security risk management.
- Cyber Security policies.
- Cyber Security compliance.
- Third-party risk assessments, including the review and assessment of third-party vendor security controls against Cyber Security standards.
- M&A Cyber Security due diligence.
- Disaster Recovery/Business Continuity Planning (DR/BCP).

Responsibilities:

- Help monitor and ensure compliance with relevant regulations and frameworks, such as GDPR, HIPAA, ISO 27001, CMMC, NIST CSF, and Cyber Essentials Plus, among others.
- Support the development of training and awareness programs for employees to promote a security-conscious culture and adherence to J.S. Held policies.
- Assist in coordinating internal and external audits and examinations related to Compliance and Cyber Security.
- Aid in the preparation and presentation of GRC reports, metrics, and key performance indicators as needed.
- Coordinate the annual external penetration test and other security assessments performed by third parties.
- Contribute to incident response activities, including updating the incident directory, documenting and reporting security incidents, and participating in post-incident analysis to identify areas for improvement.
- Stay current on emerging Cyber Security trends, regulatory changes, and industry standards to help keep the organization's GRC practices current and effective.
- Establish a process for continuous improvement of the Cyber Security program based on lessons learned from incidents, audits, and assessments.

Qualifications

Required Qualifications:

- Professional-level English fluency (B2).
- Experience building and executing technology risk frameworks, assessments, reports, metrics, and KRIs, and using risk management tools to analyze and model risk.
- Experience designing and evaluating Cyber Security processes, risks, and controls.
- Technical knowledge of Azure, Azure AD, O365, Windows 10/11, iOS, and the technical controls used to secure technology assets.
- Hands-on experience running a Cyber Security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.
- Strong oral and written communication skills appropriate for interacting with all levels of staff, vendors, and other stakeholders.
- Ability to develop security standards and guidelines based on best practices and industry standards.
- Excellent interpersonal, communication, and presentation skills, including formal report writing experience.
- Proficiency in analyzing security risks, vulnerabilities, and controls within an IT environment.
- Ability to work on multiple tasks with shifting and sometimes conflicting priorities.
- Ability to work effectively with other departments to develop effective and efficient solutions.
- Experience designing and implementing information technology processes.
- Demonstrated experience collaborating successfully with remote colleagues.
- Experience working with vendors or managing vendor relationships.
- Experience collaborating with Compliance, Legal, Infrastructure, HR, and Security teams.
- Ability to deal with ambiguity and the flexibility to work collaboratively with others in a dynamic environment.
Preferred Qualifications:

- Bachelor's degree in Computer Science or a similar field.
- Minimum 8 years of experience in IT Audit, Risk Management, or Compliance.
- 5+ years in Cyber Security (required).
- 3+ years in Cyber Security Governance, Risk, and Compliance (GRC) (required).
- Professional certifications such as CISA, CompTIA Security+, COBIT, or CISM are a plus.

Additional Information

We welcome applications from individuals with disabilities. If you are an individual with a disability and would like to request a reasonable adjustment in relation to any of the above, please email [email protected] and include "Applicant Adjustment" in the subject line with your request and contact information.

Some of the benefits we offer include:

- A flexible work environment that allows employees to work remotely when needed.
- A generous annual leave policy.
- Comprehensive medical insurance.

Other Duties

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties, or responsibilities required of the employee for this job. Duties, responsibilities, and activities may change at any time with or without notice.

EEO and Job Accommodations

We embrace diversity, and our commitment to building a team and environment that fosters professional and personal enrichment is unwavering. J.S. Held is an equal opportunity employer that is committed to hiring a diverse workforce.

Seniority level: Mid-Senior level
Employment type: Full-time
Job function: Information Technology
Industries: Business Consulting and Services