Info Sec GRC Analyst III

About The Position

Requirements

• Bachelors: Computer and Information Science
• Bachelors: Information Technology
• Bachelors (Required) Any equivalent combination of experience and education.
• Four – Six years of experience in CyberSecurity, Information Security, Auditing, Risk Management, Information Assurance, and/or work supporting and maintaining a network or cloud environment. | Required
• Certified Information Security Manager (CISM) - ISACA (Information Systems Audit and Control Association)
• Certified Information System Auditor (CISA) - ISACA (Information Systems Audit and Control Association)
• Certified Information Systems Security Professional (CISSP) - ISC2

Responsibilities

• Assist in protecting the integrity, availability and confidentiality of network resources and data.
• Assist in the development and enforcement of security policies, standards, and procedures.
• Participate in network, system, and application vulnerability assessments, generate report findings, and oversee remediation activities.
• Participate in the monitoring and periodic testing of IT compliance controls to ensure ongoing adherence to PSECU policies, standards, and industry frameworks for both cloud and on-prem solutions.
• Perform or coordinate control testing, assessments, and monitoring to ensure that Information Technology processes and controls are effective, functioning as designed, and managed to the appropriate level of risk.
• Coordinate IT self-assessment compliance reviews based on regulatory, industry standards, and internal policy requirements.
• Evaluate any related external frameworks or standards ((e.g., ITIL, COBIT, National Institute of Standards and Technology [NIST], ISO 27002, Center for Internet Security Critical Security Controls (SANS 20) etc.) or internal policies/standards (e.g., code of conduct, record retention, and acceptable use, etc.) to determine the relevant IT compliance requirements and controls.
• Independently conduct risk assessments to identify gaps in the control structure.
• Participate in the vendor management and due diligence process.
• Consult with business units when negotiating and contracting third-party service provider arrangements to ensure associated information security risks are considered.
• Perform necessary due diligence activities to determine third-party adherence with IT compliance requirements prior to establishing a business relationship.
• Participate in or conduct incident response investigations by using and understanding PSECU’s Incident Management procedures.
• Participate in the Incident Management Program in order to plan and respond effectively to a compromise of PSECU’s IT infrastructure or to an unauthorized access and/or disclosure of sensitive company, member, or employee data.
• Review SIEM, operational logs, and event console activity to identify and determine the cause of security related events.
• Assist in developing Information Security and Privacy Awareness content employees, members.
• Assist in socializing PSECU Policies and Standards to PSECU employees.
• Collect evidence for internal and external audits.
• Research and respond to internal and external audit finding
• Other duties as assigned.