Information Security GRC Analyst

Consolidated Communications • South Portland • $91.24k - $138.30k / year • 1d ago

Major Duties

Classification: Exempt, Non-Bargaining
Position may be remote; within commuting distance to the office in South Portland, ME area.

*** This position will require an additional national security background check by the US Department of Justice as a condition of employment.

The Information Security GRC Analyst will be responsible for identifying, analyzing and influencing the management of information risks across the organization. Additionally, this person will be responsible for compliance and security awareness program activities. A primary focus will be the management of the Vendor Risk Management program.

Responsibilities

Performs focused information governance, risk and compliance assessments of existing or new services and technologies, along with business counterparts.

Communicates governance, risk and compliance assessment findings to team owners and custodians of information risk "business partners," or information governance teams and information security teams.

Provides consultative advice to information governance or security teams that enables them to suggest informed governance, risk and compliance management decisions.

Identifies and facilitates implementation of appropriate controls to effectively manage information risks as needed.

Identifies opportunities to improve governance, risk and compliance posture, developing solutions for remediating or mitigating risks and assessing the residual risk.

Maintains strong working relationships with individuals and groups involved in managing information governance, risk and compliance across the organization.

Some travel may be required.

Qualifications

Strong knowledge of IT functions
Ability to identify and assess the severity and potential impact of risks. Communicate risk assessment findings to risk owners outside the cybersecurity program in a way that consistently drives objective, fact-based decisions about risk that optimize the trade-off between risk mitigation and business performance.
An understanding of organizational mission, values, goals and consistent application of this knowledge.
An ability to work on several tasks simultaneously and pay attention to sources of information from inside and outside one's network within an organization.
An ability to apply original and innovative thinking to produce new ideas.
An understanding of business needs and commitment to delivering high-quality, prompt and efficient service to the business.
An ability to effectively influence others to modify their opinions, plans or behaviors.
Excellent prioritization capabilities, with an aptitude for breaking down work into manageable parts, effectively assessing the priority and time required to complete each part.
Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.
Strong problem-solving and troubleshooting skills. Familiarity with Service Providers.
Be willing and able to hold a U.S. Government Secret clearance.

Can interface with, and gain the respect of, stakeholders at all levels and roles in the company.
Is a confident, energetic self-starter, with strong interpersonal skills.
Has good judgment and a sense of urgency, and has demonstrated commitment to high standards of ethics, regulatory compliance, customer service and business integrity.
Instinctive and creative.
Self-motivated and possessing a high sense of urgency and personal integrity.
Highest ethical standards and values.

Education and Experience:

BS in Business, Computer Science, Information Security or a related field required, MA is preferred.
6+ years of work experience in information security, especially in a GRC role to include regulatory compliance and information security management frameworks (e.g., International Organization for Standardization [IS0] 27000, COBIT, National Institute of Standards and Technology [NIST] 800-53/171 and related standards)
Desired certifications: Certified Information Security Manager (CISM), and/or Certified Information Systems Auditor (CISA)

Benefits Offered

We are proud to offer a comprehensive and competitive benefits package:

401(k) matching
Medical, Rx, Dental and Vision insurance
Disability insurance
Flexible spending account
Health savings account
Life insurance
Tuition reimbursement
Paid vacation and personal days
Paid holidays
Employee Assistance Program
Annual bonus program to eligible employee's based upon organization performance

Salary

Pay range (commensurate with skills and experience): $91,244 - $138,299

Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity or expression, sexual orientation, national origin, marital status, familial status, genetics, disability, age, veteran status or any other characteristic protected by law.