GRC analyst Job at RPL International, Miami, FL

  • RPL International
  • Miami, FL

Job Description

Job Title : Governance, Risk and Compliance (GRC) Analyst

Department : INFORMATION SYSTEMS
Office Name : Miami, Florida
Address : 8001 Northwest 79th Avenue
City : Miami
Postal code : 33166
Country : United States

POSITION SUMMARY:

The Information Security GRC Analyst has knowledge of risk management, security, regulatory compliance, and privacy practices. They understand and explain to others the cybersecurity requirements for legal and regulatory compliance, including Sarbanes Oxley (SOX), SWIFT, and other applicable federal regulations and statutes. In addition, they perform security program gap assessments and control readiness reviews, and report status to IT leadership. Effective interpersonal and communication skills and the ability to work with a wide variety of people (IT professionals and leadership, business partners, auditors, and vendors) are required for this role. This position will perform day-to-day management and execution of the security governance, risk management, and compliance functions. It will work collaboratively with the different responsible parties and owners of the security controls and safeguards to confirm and document compliance. Among other tasks, it will be responsible for conducting security reviews for third-party vendors and security assessments for the implementation of new software and solutions. To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The requirements listed below are representative of the knowledge, skills, and abilities required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

QUALIFICATIONS:

Required

  • Minimum three (3) years of recent relevant experience in information security, IT risk management, or cybersecurity compliance.
  • Experience in governance, risk assessments, and regulatory compliance (e.g., SOX, SWIFT, HIPAA, or similar).
  • Experience conducting third-party risk assessments and software implementation reviews.
  • Understanding of Cybersecurity frameworks (CIS, NIST, etc.).
  • Understanding of Cybersecurity requirements for legal and regulatory compliance, including Sarbanes Oxley (SOX), SWIFT, and other applicable federal regulations and statutes.
  • Understanding of Cybersecurity reports and certifications (SOC2 type II, ISO 27001, etc.).
  • Understanding of Cybersecurity concepts, controls, and safeguards.
  • Must have intermediate to advanced communication skills in English (speak, read, and write).
  • Demonstrated ability to collaborate cross-functionally with IT teams, auditors, vendors, and leadership.
  • Strong communication skills with the ability to communicate effectively at all levels.
  • Highly organized with an analytical mindset and attention to detail for evaluating and improving data quality and governance processes.
  • Ability to work independently and with little supervision.
  • Experience working in a team-oriented and collaborative environment.
  • Ability to work a flexible schedule, extended hours, holidays, and/or weekends as needed.

Preferred:

  • Ability to communicate at an intermediate to advanced level in Spanish.
  • Bachelor’s degree in Information Security, Computer Science, or a related field.
  • Certifications such as CISA, CISSP, or CIPP.

DUTIES AND RESPONSIBILITIES:

Primary

  • Supports key initiatives and projects focused on technology risk reduction, governance, policy compliance, and external regulatory compliance.
  • Keeps the centralized GRC platform updated with the required relevant information.
  • Performs periodic security program gap assessments.
  • Performs continuous security controls and safeguards audits to confirm and document compliance.
  • Participates in addressing exception requests to information security policies and standards; works with internal IT and business focal points to document the request, identify business justifications and compensating controls, and present findings to IT Leadership for review and approval.
  • Conducts information security vendor risk assessments and provides recommendations for system, network, and application design, implementation, and operational effectiveness controls.
  • Works with IT teams to develop corrective action plans for identified findings from internal security controls assessments, vendor risk assessments, internal and external audits, or other security reviews; tracks remediation efforts to closure.
  • Serves as subject matter expert to internal business and technology teams and security teams on risk management activities and industry best practices.

Secondary

  • Provides IT support for regulatory and compliance activities.
  • Creates helpdesk support tickets.
  • Keeps IT informed on tips and techniques that will enhance cyber security posture.
  • Recommends security enhancements.
  • Additional duties as assigned.

PHYSICAL REQUIREMENTS:

  • The employee is continuously required to sit and use his fingers.
  • The employee frequently is required to talk and/or hear.
  • The employee is frequently required to stand and walk.
  • The employee must occasionally lift and/or move up to 10 pounds.
  • Specific vision abilities required by this job include close vision, distance vision, color vision, peripheral vision, depth perception, and ability to adjust focus.

SAFETY REQUIREMENTS:

  • Report safety hazards.
  • Immediately report incidents involving injury, illness, or property damage.
  • Wear protective PPE (Personal Protective Equipment) as instructed or necessary.
  • Comply with all company safety policies, procedures, and rules.
  • Refuse any unsafe task or operation.
  • Participate in safety meetings and training.
  • Be constantly aware of their personal safety and that of their coworkers.

SUPERVISION RECEIVED AND EXERCISED:

Reports directly to the Senior Manager - IT Security. Does not exercise supervision over other staff.

CONDITIONS:

  • Work is performed primarily in the office.
  • The noise level in the work environment is usually quiet to moderate when work is performed in the office environment.

Job Tags

Remote job, Work at office, Immediate start, Flexible hours, Weekend work
