IT Security Analyst
Ref No.: 21-00261
Location: New York, New York
Essential Duties and responsibilities
  • Lead and manage governance, risk and compliance (GRC) assessments, policies and procedures, end-user awareness and training, change management, and the identification and measurement of internal controls, per the applicable guidelines and frameworks.
  • Lead risk methodology development and execution; maintain and update the mapping of GRC assessments to changing requirements and criteria for SOC 1, SOC 2 and SOX, and to other regulatory or industry requirements such as HITRUST and GDPR, per the applicable guidelines and frameworks: ISO 27001:2005, the NIST SP 800 series, the NIST Cybersecurity Framework (CSF), PCI DSS, GDPR, HITRUST and FISMA.
  • Work across matrixed business environments, both internal and external, on risk and compliance (audit) readiness for regulatory reviews, SOC 1, SOC 2, SOX and other industry requirements.
  • Manage full end-to-end delivery of assigned projects, people and processes. Provide guidance to other risk teams across the organization as requested.
  • Manage the build of internal control catalogues and the measurement methods and metrics for risk exposure. Work with business units in a consulting role to help them understand internal controls and measurements as they address strategic initiatives, business and client drivers and concerns, future audits and compliance requirements.
  • Lead and manage methodology development, and the updating and mapping of GRC assessments, for changing requirements and criteria related to SOC 1, SOC 2, SOX, strategic leadership initiatives, and other regulatory or industry requirements such as HITRUST and GDPR, per the applicable guidelines and frameworks.
  • Lead and manage investigations, evaluations and remediation of operational risk and loss events within the scope of GRC, including root cause analysis and process improvement recommendations; monitor remediation plans. Develop strategies for handling risk incidents and for triggering investigations.
  • Lead the GRC liaison with internal and external audit resources, external customers and government regulators, domestic and international.
  • Actively support business units' requests concerning information and data security risk, technology risk, technical vendor relationship management, and product selection and design, within the authority and responsibility of GRC under an Enterprise Risk Management (ERM) model.
  • Promote a positive, entrepreneurial, consulting-oriented and performance-focused culture within GRC that works effectively with stakeholders in developing and launching services and programs that support both compliance and company growth.
  • Work with divisional management to develop long-term risk strategies, annual risk assessments, risk measurement metrics and tactical plans to reduce the company's risk exposure.
  • Support the coordination, tracking and reporting of divisional and business-unit metrics and results, including data modelling, processing, calculation and transformation into meaningful risk metrics and reports.