Job Description

Job Description

Job Description

Salary: $132,000

The Information Security Governance, Risk and Compliance Analyst is responsible for supporting the development and maintenance of information security policies and procedures. The GRC Analyst assists the CIO with assessing and prioritizing information security and cybersecurity risk across the organization, facilitates compliance with regulatory requirements and information security policies, and develops and reports on information security metrics. The GRC Analyst is responsible for reducing information security and cybersecurity risk to EACOWT by helping to prioritize and drive remediation efforts throughout the organization.

ESSENTIAL DUTIES

· Governance and Compliance : Develops and implements a data security risk reporting framework, aligned with NIST SP 800-53, for CIO and Executive Management Team (EMT). Manages an exception review and approval process, and assures exceptions are documented and periodically reviewed. Prepares for and facilitates examinations by qualified third-party security assessors. Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.

· Information Security Risk Assessment : Identifies, analyzes, evaluates, and documents information security risks and controls based on established risk criteria. Recommends controls to mitigate security risks identified via risk assessment process. Communicates risk findings and recommendations that are clear and actionable by business stakeholders.

· Security Policy Management and Workforce Training and Awareness : Supports workforce security activities including culture, awareness, and training. Researches, recommends, and contributes to information security polices, standards, and procedures. Assists with the lifecycle management of information security policies and supporting documents. Works with other organizational participants to implement information security policies.

· Third-party Supplier and Vendor Risk Management : Supports third-party supplier risk assessments to ensure supply chain risk is managed throughout the supplier's lifecycle. Assesses and reports on the risks and benefits for the business as well as mandates for supplier compliance. Assists with review of information security sections within supplier contracts, identifies gaps, and recommends security and data privacy content to close gaps. Maintains inventory of relevant suppliers/vendors, controls, and risks for ongoing vendor risk management activities.

· Performs other related duties as assigned by management. 

SUPERVISORY RESPONSIBILITIES

DUCATION AND KNOWLEDGE

Requirements:

- Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Engineering, or related field preferred.

- 5-7 years of progressively responsible experience performing risk assessments, writing policies to comply with NIST regulations, or implementing other key GRC functions.

- Ability to analyze data and information with a detailed understanding of regulatory requirements that impact Department of Defense (DoD) contractors, as well as DoD security frameworks and methodologies.

- Ability to work well with people from different disciplines with varying degrees of technical experience

- Good analytical and problem-solving skills

- Excellent organizational skills with thorough attention to detail

- Ability to work comfortably under pressure and deliver on tight deadlines ER QUALIFICATIONS

· Excellent verbal and written communication skills.

· Strong interpersonal and presentation skills.

· Must be a self-motivated, dynamic, and creative team player.

· Ability to act with integrity, professionalism, and confidentiality.

· Ability to work independently, and collaboratively in a fast-paced small team environment.

· Ability to prioritize work and handle multiple projects simultaneously. 

TRAVEL

· Approximately 10% travel is required for this role (primarily within US but occasional international travel may also be required). 

PHYSICAL DEMANDS AND WORK ENVIRONMENT

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. While performing the duties of this job, the employee is regularly required to sit and talk or hear. The employee is occasionally required to walk. The employee must regularly lift and/or move up to 20 pounds.

OneWeb Technologies is an Equal Opportunity Employer and does not discriminate on the basis of actual or perceived race, color, creed, religion, national origin, ancestry, citizenship status, age, sex or gender (including pregnancy, childbirth and pregnancy-related conditions), gender identity or expression (including transgender status), sexual orientation, marital status, military service and veteran status, physical or mental disability, genetic information, or any other characteristic protected by applicable federal, state or local laws and ordinances.

The above is intended to describe the general content of and requirements for the performance of this position. It is not to be construed as an exhaustive statement of duties, responsibilities, or physical requirements. Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Job Tags

Similar Jobs