GRC Specialist

Salary undisclosed

Skills

  • Four (4) years of Information Security experience required, with hands-on technical experience preferred.
  • Strong communication skills, including message creation and verbal presentations, with tact and diplomacy.
  • Strong knowledge of Security frameworks and technologies such as ISO 27001, NIST, SOC, SIG.
  • Experience with network, application, and cloud security.
  • Prior IT Security experience in the legal industry is preferred.
  • Bachelor's degree or five (5) years of work experience in IT Security is required.
  • Technical writing experience, especially in instructional content and educational writing.
  • Strong knowledge of risk management principles and practices.
  • Strong knowledge of security administration and role-based security controls.
  • Three or more years of experience managing timelines and being self-directed is preferred.
  • Experience in managing GRC tools (administrative and/or engineering) is preferred.
  • Ability to interview, gather, and understand content from subject-matter experts.
  • Maintain accurate records and manage client security and risk requests.
  • Ability to act as the primary Security Subject Matter Expert (SME).
  • Ability to facilitate and lead project and vendor risk assessments independently and provide guidance on secure design and operation.
  • Ability to complete and assist in client security questionnaires and security assessments regarding the firm's security program and controls.
  • Demonstrated ability to create and maintain security policy, standard, guideline, and procedure documents.
  • Demonstrated ability to communicate technical topics effectively to varied audiences, including IT Subject Matter Experts, senior management, and non-technical users.
  • Strong organizational and problem-solving skills.
  • Strong project and time management skills.
  • Strong reading comprehension skills.
  • Strong analytical ability with excellent written and verbal communication skills.
  • Ability to work independently and as a team member.
  • Broad awareness of and exposure to diverse security tools and their capabilities, including commercial and open-source options.
  • Broad experience and exposure to cloud-hosted services, applications, infrastructure, including architecture, log management, monitoring, and security configuration requirements.
  • SharePoint administration is preferred for team intranet site management.
  • Provide back-end support, report creation, and application updates for GRC platforms.
  • Strong PC skills with Microsoft (Word, Excel, PowerPoint), with the ability to perform data analytics and generate succinct reports.
  • Knowledge of host and network-based anti-malware technologies.
  • Knowledge of authentication technologies and interactions between diverse authentication platforms, both on-site and remote.
  • Knowledge of client and server firewall technologies and capabilities.
  • Knowledge of security event management (SIEM), event correlation, and analysis technologies.
  • Knowledge of data encryption technologies.
  • Strong knowledge of Intrusion Detection and Intrusion Prevention technical capabilities.
  • Knowledge of web filtering and email SPAM prevention techniques.
  • Knowledge of vulnerability assessment and forensic investigation tools.
  • Knowledge of mobile device security and Mobile Device Management solutions.
  • Knowledge of Privileged Access Management technologies.
  • Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), or other relevant training and certifications are preferred.

Responsibilities

  • Lead process improvements, enhance control maturity, and communicate risk across assigned GRC service activities, incorporating ISO 27001 principles for continuous improvement.
  • Third-party Vendor Management: Respond to security assessments, questionnaires, and audits from clients and third-party business partners promptly. Document and perform assessments as needed and review contracts for security requirements.
  • Policy Management: Write technical policies, standards, and communications. Lead the creation and maintenance of security policies, standards, processes, guidelines, and support documentation.
  • Compliance Management: Lead and support processes to ensure IT systems meet cybersecurity and risk requirements. Conduct evaluations of IT programs or components for compliance with published standards, manage exceptions, and process requests for exceptions to security controls.
  • Assessment Management: Ensure appropriate treatment of risk, compliance, and assurance from both internal and external perspectives.
  • Advisory Services: Serve as a subject matter expert for Information Security, consulting with technical and non-technical management and staff.
  • Security Awareness Management: Ensure security awareness training is aligned, defined, and executed. Evaluate cyber training/education courses and methods based on instructional needs.
  • Administer the GRC technology platforms.

Employers have access to artificial intelligence language tools (“AI”) that help generate and enhance job descriptions and AI may have been used to create this description. The position description has been reviewed for accuracy and Dice believes it to correctly reflect the job opportunity.