Service Center CSCS TX

Responsibilities

- Develop, maintain, and update security policies, procedures, and guidelines to ensure alignment with industry standards (e.g., ISO 27001, NIST).
- Assist in defining security governance frameworks and ensure adherence across the organization.
- Conduct risk assessments to identify and evaluate security risks within systems, processes, and third-party vendors.
- Evaluate third-party security controls and manage vendor compliance with organizational security requirements.
- Lead the design, development, and execution of the compliance program to ensure that technology and business processes meet compliance requirements.
- Assist with managing all aspects of the compliance program, including gap assessment, risk management, risk mitigation, monitoring/auditing, policy administration, addressing violations, and performing corrective actions.
- Manage the monitoring of business and technology activities and risks for compliance with applicable rules and regulations of cybersecurity.
- Communicate complex issues in simple terms to executive management and team members.
- Conduct scoping and risk assessments to determine risk impact, meaningful control design, impact, and issues with the leadership team.
- Analyze risks around platform transaction processing and impact on compliance controls.
- Track relevant laws and regulations and update operating manuals, policies and procedures documents when regulations change related to cybersecurity.
- Prepare compliance status reports for internal management, clients and auditors.
- Grow Technology Compliance capabilities on-prem and in key cloud environments (e.g. Azure, GCP, Snowflake).
- Identify, develop, and implement monitoring activities for high risk, externally exposed applications.
- Consult with key stakeholders on existing, modified, and future governance risk and controls activities including ones related to Sarbanes-Oxley (SOX) and Internal Controller.
- Oversee daily operations of the Technology Compliance Dashboard in order to:
  - Identify daily control gaps and monitor remediation to completion
  - Troubleshoot technology issues within the dashboard
  - Identify and document business requirements for new monitoring controls
  - Work with various IT teams to convert business requirements into new monitoring controls
- Stay informed on key changes within the IT and cyber security environments to keep Technology Compliance procedures aligned with current processes and risks
- Review, critique, and recommend best practices for improving current processes through automation
- Promote a culture of cyber security risk awareness by providing subject matter expertise on control identification, implementation, monitoring, and best practices
- Maintain and develop existing and new contacts within the professional network of cyber security and IT risk management peers and consultants/vendors
- Continuously develop knowledge of evolving best practices through peer benchmarking, industry events/associations, and educational opportunities
Job Type
Full-time
Career Level
Mid Level