This individual will interface with the Security Operations, IT Operations, and various business units to:
• Perform PCI, SOC2, ISO, and applicable State of Florida cybersecurity controls-related reviews to ensure that current, new, and technology infrastructure complies with these standards and the Department's security policies.
• Plan and perform IT security controls effectiveness. Manage remediation efforts for the identified gaps, including assessment of new or enhanced implemented controls.
• Maintain the IT security risk and compliance matrix and perform management reporting. This will include IT systems controls and business process risks to meet compliance requirements. Provide risk mitigation strategies.
• Maintain the Third Party Risk Management Program (TPRM) and analyze SOC-2 and other reporting, including mapping to key IT security and compliance controls such as NIST, PCI, and COBIT.
GRC Risk Analyst Skills & Requirements:
• 7-10 years of IT Audit experience (CISA certified preferred)
• 5 years of IT Risk Management lifecycle experience
• 5 years of hands-on technical experience (e.g. developer, system administrator)
• Experience working with NIST 800-30 Risk Assessment Standard
• Extensive experience with IT General Controls evaluation and design
• Advanced skill level in business process mapping and documentation as well as policy and procedure development
• Recent experience in Information Security with up-to-date knowledge of the current threat landscape.
Education and Certifications:
• Bachelor's Degree in Computer Science, Information Systems, Business Administration, or other related field and/or equivalent work experience.
• CISA and CISSP certifications (preferred)
Schedule:
8 hour shift
No weekends
Ability to Relocate:
Boca Raton, FL: Relocate before starting work (Required)