Position Summary:
The Data Security Controls senior analyst position will be an integral member of the Information Security and Risk Management team. This role will be responsible for design, development, implementation and monitoring of security controls to identify and mitigate information security risk with data protection. Work in Chief Information Security Officer (CISO) office under Associate Director, Information Security Governance, Risk and Compliance, this role serves as an information security technology expert for Grant Thornton to support the design, implementation, and maintenance of a cohesive security operations/monitoring solution for data security controls. The successful candidate will have a good mix of deep technical knowledge, understanding of industry standards and controls, and a demonstrated background in information security risk management program.
Key Responsibilities:
- Provide ongoing assessment of InfoSec’s risk profile through regular monitoring and status reporting of risks, issues, events, and initiatives within data governance processes
- Assist with operationalizing Data Classification technology deployment, implementation, and functional issues
- Monitor and oversee the progress of risk assessments; address and resolve complex issues and assist with Operational Risk event remediation efforts when needed
- Partner with stakeholders, including process owners and control owners, to document processes (via process flows), risks, and controls, enhance control language, and assist to develop/maintain control objectives that validate controls are being performed in compliance with policies, standards, procedures, and other requirements to mitigate security risk
- Support iterative review of assessment results, working with appropriate stakeholders across the lines of defense
- Perform and facilitate the collection, review, and assimilation of risk assessment data and reporting into concise and meaningful reports
- Coordinate efforts with InfoSec’s Issues and Events Management and Control Testing functions, to continually update control effectiveness and residual risk rating of InfoSec’s business processes as needed
- Perform 3rd party security risk assessment, control testing, and reporting
- Support the execution of front-line controls, self-assurance, and risk assessment activities (ad-hoc controls review, business process management (BPM), risk control self-assessment (RCSA), and independent risk and audit activities as directed
- Assess exposure to risk, measure operational risk against ERM frameworks, assist in establishing policies and procedures to minimize risk, identify ways to protect the organization from data loss and reputational damage
Required Education & Experience:
- Excellent organization skills and be a self-motivated learner
- Expert with security control design, development, implementation, and monitoring
- Experience with regulatory requirements (i.e. PCI; GDPR; HIPPA; Privacy; CCPA; etc.)
- Experience with information security risk management framework, assessment, audit and controls based on industry standard frameworks (i.e. NIST; ISO; COSO; HiTrust)
- Experience using GRC tools and technologies in support of the assessment/audit process (RSA Archer, Security Scorecard, Risk Recon, etc.)
- Demonstrated advanced verbal and written communication skills
- Experience gathering information from a range of different sources to help identify weaknesses in security controls
- Bachelor’s degree in Computer Science, Engineering or related field or equivalent work experience
- CISA, CRISC, CISM, or CISSP certifications (one or more) preferred.