GRC Analyst Job at Gravity IT Resourcing, Boca Raton, FL

bWs2bGtHWEVLSDhOa2U5ejJyZXREb2lJZHc9PQ==
  • Gravity IT Resourcing
  • Boca Raton, FL

Job Description

Job Title: GRC Analyst
Location: Boca Raton, FL (Hybrid)
Job Type: Contract
Referral Fee:
Employment Eligibility: Gravity cannot transfer nor sponsor a work visa for this position. Applicants must be eligible to work in the U.S. for any employer directly 

Position Overview
The GRC Analyst is responsible for the management, assessment, and mitigation of risks are fundamental components of our information assurance and cyber security program at the Florida Turnpike Enterprise. This position leads the IT security risk and audit program for information systems security using generally accepted standards and frameworks for IT audit and risk management (e.g., NIST, ISO, PCI, and ISACA). The position is responsible for the development and implementation of the IT security risk and audit strategy that perform information systems and business process risk assessments and evaluate the effectiveness of technical, physical, and administrative controls to identify control weakness.
Duties and Responsibilities
  • Perform PCI, ISO, COBIT, and applicable State of Florida cybersecurity controls-related reviews to ensure that current, new, and technology infrastructure complies with these standards and Department’s security policies.
  • Plan and perform IT security controls effectiveness quarterly reviews. Manage remediation efforts for the identified gaps including assessment of new or enhanced implemented controls.
  • Maintain IT security risk and compliance matrix and performs management reporting. This will include IT systems controls, and business process risks to meet compliance requirements. Provide risk mitigation strategies
  • Maintain Third Party Risk Management Program (TPRM) and analyze SOC-2 and other reporting including mapping to key IT security and compliance controls such as NIST, PCI, and COBIT.
  • Manage IT security vulnerabilities management program aligned with PCI and NIST standards.
  • Identifying and ranking the value, sensitivity, and criticality of the operations and assets that could be affected should a threat materialize in order to determine which operations and assets are the most important.
  • For the most critical and sensitive assets and operations, estimating the potential losses or damage that could occur if a threat materializes, including recovery costs.
  • Identifying cost-effective actions to mitigate and reduce risk. These actions can include implementing new organizational policies and procedures as well as the design of technical or physical controls.
  • Coordinating, tracking, and verifying remediation of audit findings.
  • Documenting the results and developing a plan of action and milestones for mitigating any identified risk.
  • Produce formal audit reports based on ISACA Audit Standards.
  • Promotes compliance with regulatory requirements (e.g. PCI DSS) and IT best practices.
Required Experience and Skills
  • 7-10 years of IT Audit experience (CISA certified preferred)
  • 3 years of IT Risk Management lifecycle experience
  • 3 years of hands-on technical experience (e.g. developer, system administrator)
    Experience working with NIST 800-30 Risk Assessment Standard
  • Extensive experience with IT General Controls evaluation and design
  • Advanced skill level in business process mapping and documentation as well as policy and procedure development
  • Rcent experience in Information Security with up-to-date knowledge of the current threat landscape.
  • Solid understanding of PCI DSS standards
  • CISM or CISA preferred

Job Tags

Contract work, Work visa,

Similar Jobs

Jewish Community Center of Greater Kansas City

Swim Instructor/Swim Coach Job at Jewish Community Center of Greater Kansas City

 ...Schedule: Swim Instructors: Aug-Dec on Thursdays 5-8pm and Sundays 12-3pm. Additional hours available for: swim teach coaching private swim lessons (open schedule depending on need) Swim Coach needed Mondays and Wednesdays 5:30-7:30pm and Saturdays 9am... 

VETS

Information Technologist Support (IT) Job at VETS

 ...for employment without regard to race, color, religion, sex, national origin, age, or disability. VETS is a Department of Veterans Affairs, Center for Veterans Enterprise (CVE) certified Service-Disabled Veteran-Owned Small Business (SDVOSB). Based in Tysons Corner... 

Marriott International

Night Auditor - Part Time Job at Marriott International

Job Description POSITION SUMMARY Check figures, postings, and documents for accuracy. Record, store, access, and/or analyze computerized financial information. Control and secure cash and cash equivalents for property according to cash handling policy and procedures...

Radisson Portland Airport Hotel

Night Auditor Job at Radisson Portland Airport Hotel

 ...motivated and customer-focused individual to join our team as a Night Auditor. In this role, you will be responsible for providing exceptional...  ...night audit procedures. Position Information: Full-time, $18.00 hourly rate. Please note this position will require... 

NOV Inc

Plant Manager (Fabrication): Dammam 2nd Industrial City Job at NOV Inc

 ...experience and skills required as per job description below.Job Summary:Reporting to the Director of Operations MENA Region the KSA Plant Manager is responsible for the sustainable and profitable business growth and development in the Kingdom of Saudi Arabia (KSA) and is the...