Security GRC Specialist

• Assess policy needs and collaborate with stakeholders to develop policies to govern cyber activities.
• Interpret and apply applicable laws, statutes, and regulatory documents and integrate into policy
• Develop policy, programs, and guidelines for implementation. Review existing and proposed policies with stakeholders.
• Develop security compliance processes and/or audits for external services (e.g., cloud service providers, data centers).
• Monitor the rigorous application of cyber policies, principles, and practices in the delivery of planning and management services.
• Develop methods to monitor and measure risk, compliance, and assurance efforts.
• Review, conduct, or participate in audits of cyber programs and projects.
• Promote awareness of cyber policy and strategy as appropriate among management and ensure sound principles are reflected in the organization's mission, vision, and goals.
• Supporting privacy compliance, governance/policy, and incident response needs of privacy and security executives and their teams.
• Ensure that all acquisitions, procurements, and outsourcing efforts address information security requirements consistent with organizational goals.

Domain Expertise

• 5+ years experience in internal auditing, audit planning, security and risk management, security assessment and testing, security operations, software development security, information security governance, information risk management
• Experience in identifying measures or indicators of system performance and the actions needed to improve or correct performance, relative to the goals of the system.
• Experience in conducting audits or reviews of technical systems.
• Experience in translate, track, and prioritize information needs and intelligence collection requirements across the extended enterprise.
• Experience in developing policy, plans, and strategy in compliance with laws, regulations, policies, and standards in support of organizational cyber activities.
• Ability to interpret and apply laws, regulations, policies, and guidance relevant to organization cyber objectives.

Analytics Experience

• Ability to dissect a problem and examine the interrelationships between data that may appear unrelated.
• Ability to evaluate information for reliability, validity, and relevance
• Ability to evaluate, analyze, and synthesize large quantities of data (which may be fragmented and contradictory) into high quality, fused targeting/intelligence products.

Individual Skills

• Ability to apply critical reading/thinking skills.
• Ability to function effectively in a dynamic, fast-paced environment.
• Ability to answer questions in a clear and concise manner.
• Ability to communicate complex information, concepts, or ideas in a confident and well-organized manner through verbal, written, and/or visual means.

Mindset & Behaviors

• High energy and passionate individual who inspires teammates to reach their maximum potential
• Intrinsic interest in cyber work
• Comfortable with complexity, tends to think outside the box.