
Governance Risk and Compliance Security Sr. Analyst

Experienced

Trintech | Information Technology | Addison, TX


Must be familiar with Governance, Risk and Compliance (GRC) solutions and technology platforms. General knowledge of security tools, solutions, and appliances supporting security domains such as network security, email and endpoint security, vulnerability scanning, access control, and log management. Basic technical understanding of cloud service models such as IaaS, PaaS, and SaaS. Practical knowledge of and experience with compliance and security frameworks and standards such as SOX, PCI, SOC, NIST, ISO 27001, HITRUST, HIPAA, and HITECH. Must have knowledge of compliance audit processes and IT security risk assessment programs. Capable of articulating general IT security policies, processes, and technical controls.

Responsibilities

ESSENTIAL DUTIES AND RESPONSIBILITIES TO PERFORM THIS JOB SUCCESSFULLY INCLUDE, BUT ARE NOT LIMITED TO THE FOLLOWING:

  • Provide support and contribute to the Trintech InfoSec GRC programs such as: Policy Management, Risk Management, Third Party/Vendor Management, Compliance Management, RFP/SAQ Process Management and others.
  • Contribute to the strategy and execution of the overall security governance and risk management program
  • Collaborate with other departments on the analysis of, response to, and documentation packages for RFPs and security questionnaires as required by clients of EW business units.
  • Assess and monitor security processes and controls to ensure compliance with applicable security frameworks, regulatory requirements, and client requirements, and promote good information security practices.
  • Operationalize and manage the awareness and adoption of GRC processes
  • Generate reports on assessment findings and summarize them to facilitate remediation tasks for other IT operational teams.
  • Conduct formal risk analyses and self-assessment programs for the various Trintech brands and their associated information systems, processes, and infrastructure.
  • Facilitate HIPAA, SOC 1, and SOC 2 audit engagements, including data/artifact collection, exception remediation, and monitoring.
  • Serve as a key contributor to the design, implementation, and optimization of the GRC application or solutions.
  • Contribute to the maintenance and update of the library of information security control policies and standards based on the NIST Cybersecurity Framework and other industry best practices.
  • Maintain awareness of changes or updates to security control frameworks, compliance laws, and statutes, and identify the impact on the business and its security posture.
  • Track remediation activities and relevant metrics to help communicate status, demonstrate progress and build awareness of GRC processes
  • Facilitate information security awareness programs and facilitate periodic awareness training, phishing campaigns, security newsletters and publications.
  • Conduct or participate in cross-training sessions with the Information Security Engineering team in the management and configuration of security tools and technical controls.
  • Troubleshoot and resolve security-related GRC and technical issues effectively and efficiently.
  • Foster relationships with security, software engineering, legal, and business stakeholders to strengthen security governance and risk management
  • Provide appropriately detailed and timely follow-up support to customers (internal and external).
  • Provide updates, status, and completion information to the Director of Security and Compliance.

Skills & Requirements

  • B.S. degree or equivalent work experience in security, risk management, compliance, information systems or other relevant fields
  • 3+ years of combined work experience in risk management, risk consulting, information security, compliance, and/or audit
  • Practical knowledge of and experience with compliance and security frameworks and standards such as SOX, SOC, NIST, ISO 27001, and HIPAA
  • Capable of articulating general IT security policies, processes, and technical controls.
  • Knowledge of qualitative and quantitative risk management approaches and processes, including proven implementation experience
  • Knowledge of security practices and controls applied to address security risks
  • Experience with GRC products (e.g., RSA Archer, MetricStream, ServiceNow GRC)
  • Project management capabilities to track progress on GRC process implementation and improvements
  • Advanced interpersonal skills to effectively promote ideas, collaborate across teams, and influence stakeholders

CERTIFICATES, LICENSES, REGISTRATIONS


  • Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in the Governance of Enterprise IT (CGEIT), or equivalent
  • Knowledge of and experience with risk analysis frameworks such as FAIR (quantitative) and OCTAVE
  • Excellent presentation and communication skills
  • Results-oriented, with demonstrated problem-solving abilities
  • Previous experience in a complex SaaS and DevOps, engineering-driven culture preferred
  • Applicant must be willing to travel 10-15% of the time
  • Applicant must be able to travel outside the US
  • Ability to work independently, with minimal direction or supervision.
  • Follow instructions and respond to senior management's directions accurately
  • Ability to effectively interface with a broad range of people and roles.
  • Advanced analysis, critical thinking and problem-solving skills
  • Ability to manage multiple tasks with frequent interruptions, occasionally in urgent situations
  • Demonstrate accuracy and thoroughness; look for ways to improve and promote quality, and monitor own work to ensure quality standards are met
  • Ability to learn multiple programs and systems
  • Demonstrate effective communication skills by conveying necessary information accurately, listening effectively and asking questions where clarification is needed
  • Prioritize work activities and use time efficiently
  • Flexibility and adaptability in work approach.
  • Demonstrate team behavior and must be willing to promote a team-oriented environment