Work In Tech

The role of the Sr. Analyst, Governance, Risk, and Compliance (GRC) will supportthe eSentire CyberSecurity Teams activities in alignment to business strategy. This role will conduct risk assessments based on established processes and work with risk owners to develop risk remediation strategies; conduct and support internal audit activities as per the eSentire Audit Schedule; assist the business attain and maintaining its security control objectives to meet various legal, regulatory, industry, and customer requirements; and measure and report associated metrics to ensure that organizational objectives are monitored and achieved.

Position Responsibilities

• Conduct assessments/internal audits against eSentire Security Policies and Directives as directed by Director GRC.
• Assessing internal compliance readiness to external accreditation programs and standards (e.g., PCI, HIPAA, NIST CSF, HITRUST, etc.).
• Track, monitor, and report on audit/assessment remediation efforts.
• Support, development and management of InfoSec policies, standards, and awareness and ensure broad enterprise visibility and education.
• Assess areas of potential risks and collaborate with impacted business units to decide how to avoid, reduce, or transfer these risks.
• Support and collaborate with business and technology leaders and other risk managers to resolve the most challenging risk matters.
• Follow established process to assess vendors and other security related service providers.
• Partner with business and technology leaders in ensuring new and existing business relationships adequately address information security risk through vendor management, security engineering engagements, and security assessments of processes and procedures.
• Manage specified Governance Risk and Compliance (GRC) projects from inception to completion.

Education and Experience

• Preferred bachelor's degree in related field or equivalent combination or experience and education
• Five (5) plus years of IT Security, Assessment, Compliance experience.
• CISSP, CISM, CRISC, or CISA preferred
• Experience in managing and accessing information security risks
• Functional knowledge of ISO 27001, NIST, PCI, AICPA SOC2

Required Skills and Abilities

• Ability to formulate and communicate strategies and concepts to non-technical associates
• Ability to read and interpret documents clearly and informatively
• Well-developed verbal and listening communication skills
• Strong written communication skills with the ability to write technical documentation, reports and correspondence
• Ability to define problems, collect data, establish facts, and draw valid conclusions
• Ability to exercise good judgment and make sound decisions independently; delegate/escalate issues appropriately
• Ability to solve practical problems and deal with a variety of concrete variables in situations where only limited information is available
• Analytical thinker with desire to be continually challenged
• Well-developed interpersonal skills, including proven ability to interact with diverse personalities and in a tactful, mature, and flexible manner
• Ability to establish creditability and be decisive but also to recognize and support the organization’s preference and priorities
• Ability to work under strict deadlines, detail oriented, and the flexibility to think of alternative solutions
• Ability to initiate immediate interaction, coordination, and collaboration with team members, clients, customers etc.
• Excellent written and oral communication skills, with the ability to brief stakeholders on complex issues in a succinct manner

#LI-Remote

#LI-SJ