• Supports the work of the IT Security Governance, Risk Management & Compliance (GRC) department who are responsible for analyzing and implementing IT Security & Risk Management frameworks policies, standards and best practices.
• Executes regular or scheduled tasks as assigned, summarizing and reporting findings, ensuring that audit issues and associated root causes are understood, well defined and presented to GRC leadership.
• Assist in the development of formal written reports to communicate audit results to management and makes recommendations as appropriate.
• Works with GRC Leadership, Information Technology and Business Units to document and implement IT Security & Risk Management frameworks, policies, standards and best practices.
• Supports and coordinates internal and external audits for the areas of IT Security and Risk Management.
• Coordinates remediation for non-compliant areas of IT.
• Maintain a high level of technical expertise on selected vendor products to assist team leadership in identifying the ones that best meet the organization needs.
• Maintains up to date knowledge of security laws, principles and best practices.
• Stay current with emerging threats and trends.
• Assist teams in various security and privacy risk mitigation efforts.
• Monitor and process Service ticket queues.
• Assists with vulnerability management.
• Conduct risk assessments and audits on the organization' s information technology infrastructure.
• Identify Cyber Security threats/Vulnerabilities and escalate to senior team members.
• Work with a team of Cyber Security Engineers across multiple software programs.
• Ability to work individually and on team projects in an environment of teamwork and cooperation.
• Performs general project planning tasks such as project risk assessments, alternative implementation analysis, and project status tracking and reporting.
Required: At least one Security Governance, Risk and Compliance related certification (Security+/CISSP/GIAC/CRISC/ CGEIT/ PMI-RMP/ CRMA/ GRCP etc...)