IT Governance, Risk and Compliance Analyst

  • location: Des Plaines, IL
  • type: Temp to Perm
  • salary: $45 per hour

job description

IT Governance, Risk and Compliance Analyst

job summary:
Job Title: IT Governance, Risk & Compliance Analyst (Contingent)

SUMMARY This individual will have primary and focused responsibility for IT governance, risk and compliance activities. Emphasis will be on executing key controls testing, performing risk assessments and pre-audit activities, tracking remediation activities, and maintaining security compliance documentation across the security program as needed. The individual will also work with the various departments to evaluate the design and effectiveness of the control environment. The IT GRC Analyst will support various GRC initiatives and security projects.

ESSENTIAL DUTIES AND RESPONSIBILITIES include the following. Other duties may be assigned.

Lead SOC2 program activities as they relate to the planning, testing, remediation tracking, internal compliance reporting and external report findings analysis for both the SOC2 Readiness and final SOC2 Examination initiatives. Responsibilities also include working with external auditors and internal stakeholders to complete associated milestones.

Assist with the planning, execution, evidence gathering, and remediation activities of external audits and assessments (e.g., Penetration Testing, Client Security Questionnaires and/or Audits, Financial IT Audit, PCI, etc.).

Maintain internal compliance against information security policies and procedures by completing internal control reviews and risk assessments (e.g., physical storage of sensitive information, validation of endpoint protection and encryption controls, periodic validation of SOC2 controls execution, etc.). This includes identifying and communicating control gaps, evaluating management's remediation action plans, and reporting on the completion of tasks.

Additional responsibilities include assisting on other company projects and initiatives, maintaining a strong knowledge and awareness of external regulations for new and/or changing requirements, and supporting the continuous improvement of governance, risk and compliance programs. Special projects and responsibilities may include:

  • Manage and mature the Security Exception process.
  • Create, manage and assess an IT System Hardening process (i.e., Minimum Security Baselines) for key systems.
  • Respond to security incidents (as required) and assist with the coordination of internal and external auditors as needed.
  • Assist with client and/or vendor security assessments, as needed.
  • Support privacy-related matters and new privacy impact assessments, as needed.

SUPERVISORY RESPONSIBILITIES

None

QUALIFICATIONS To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skill, and/or ability required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • Working knowledge and experience with SOC2 and other IT controls, including the design and operational effectiveness of such controls as they relate to Readiness preparations and final Examination activities.
  • Working knowledge and experience with PCI Compliance and the Self-Assessment Questionnaire process.
  • Strong understanding of internal and external auditing techniques (e.g., audit planning, testing, reporting and tracking of controls, including remediation activities).
  • Working knowledge of Information Security best practices, audit frameworks and possibly privacy laws (e.g., familiarity with ISO 27000 series, SANS, NIST, OWASP Top 10, COBIT, CIS Top 20, PCI, CCPA, etc.).
  • Understanding of some aspects of infrastructure technology, including networking, servers, storage, logging and security appliances; some hands-on experience would be preferred.
  • Absolutely trustworthy, with high standards of personal integrity, professionalism and accountability to assigned projects and timelines.
  • Excellent written and verbal communication.

EDUCATION and/or EXPERIENCE

  • Bachelor's degree in IT Audit, Computer Science, Information Security or related field of study; or commensurate working experience
  • 3-5 years of work experience in Information Technology, IT Audit and/or Security-related field

CERTIFICATES, LICENSES, REGISTRATIONS

  • None required. Applicable audit and/or security certifications are desirable and strongly encouraged.

PHYSICAL DEMANDS

The physical demands described here are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • General mobility, including ability to maneuver through difficult spaces such as data centers and facility perimeters

WORK ENVIRONMENT

The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

  • General office and remote-working environments
  • No travel required
  • Some off-hours work required
 
location: Des Plaines, Illinois
job type: Contract
work hours: 8am to 4pm
education: Bachelors
 
qualifications:
  • Experience level: Experienced
  • Minimum 3 years of experience
  • Education: Bachelors
 
skills:
  • Requirement Analyst
  • SOC2
  • PCI Compliance
  • ISO 27000
  • SANS
  • NIST
  • COBIT

Equal Opportunity Employer: Race, Color, Religion, Sex, Sexual Orientation, Gender Identity, National Origin, Age, Genetic Information, Disability, Protected Veteran Status, or any other legally protected group status.
