Service Center
CSCS TX
Responsibilities
- Develop, maintain, and update security policies, procedures, and guidelines to ensure alignment with industry standards (e.g., ISO 27001, NIST).
- Assist in defining security governance frameworks and ensure adherence across the organization.
- Conduct risk assessments to identify and evaluate security risks within systems, processes, and third-party vendors.
- Evaluate third-party security controls and manage vendor compliance with organizational security requirements.
- Lead the design, development, and execution of the compliance program to ensure that technology and business processes meet compliance requirements.
- Assist with managing all aspects of the compliance program, including gap assessment, risk management, risk mitigation, monitoring/auditing, policy administration, addressing violations, and performing corrective actions.
- Manage the monitoring of business and technology activities and risks for compliance with applicable rules and regulations of cybersecurity.
- Communicate complex issues in simple terms to executive management and team members.
- Conduct scoping and risk assessments to determine risk impact, meaningful control design, impact, and issues with the leadership team.
- Analyze risks around platform transaction processing and impact on compliance controls.
- Track relevant laws and regulations and update operating manuals, policies and procedures documents when regulations change related to cybersecurity.
- Prepare compliance status reports for internal management, clients and auditors.
- Grow Technology Compliance capabilities on-prem and in key cloud environments (e.g. Azure, GCP, Snowflake).
- Identify, develop, and implement monitoring activities for high risk, externally exposed applications
- Consult with key stakeholders on existing, modified, and future governance risk and controls activities including ones related to Sarbanes Oxley (SOX) and Internal Controller.
- Oversee daily operations of the Technology Compliance Dashboard in order to:
- Identify daily control gaps and monitor remediation to completion
- Troubleshoot technology issues within the dashboard
- Identify and document business requirements for new monitoring controls
- Work with various IT teams to convert business requirements into new monitoring controls
- Stay informed on key changes within the IT and cyber security environments to keep Technology Compliance procedures aligned with current processes and risks
- Review, critique, and recommend best practices for improving current processes through automation
- Promote a culture of cyber security risk awareness by providing subject matter expertise on control identification, implementation, monitoring, and best practices
- Maintain and develop existing and new contacts within the professional network of cyber security and IT risk management peers and consultants/vendors
- Continuously develop knowledge of evolving best practices through peer benchmarking, industry events/associations, and educational opportunities
Requirements
- Bachelor’s degree in computer science, Information Security, or related field
- Professional certifications such as CISSP, CISM, CISA, or equivalent
- 5+ years of experience working in cyber security, IT risk, audit, and/or IT compliance
- Strong knowledge of IT auditing and risk management techniques and IT general control processes (change management, systems development life cycle, information security, IT operations, etc.)
- Successful track record of positively influencing stakeholders
- Strong communication and presentation skills
- Experience establishing strong working relationships with business partners
- Demonstrated ability to work across organizational boundaries, and influence others
- Ability to define and manage internal projects and milestones and demonstrated leadership skills
- Demonstrated ability to develop and present risk information to all levels of an organization
- Experience with automating controls, data and analytics
- Strong understanding of IT Risk Management requirements and frameworks, including SOX, COBIT, and NIST CSF
Caliber uses E-Verify to confirm the identity and employment eligibility of all new hires.
Must be eligible to work in the U.S. with no restrictions.