As a member of the Information Security team, the IS GRC Senior Analyst will be responsible for providing risk assurance for critical client engagements, focusing on information security, cyber security, and data privacy risk. In addition to working closely with client engagement teams, the person will also need to consult and interface with our Risk Committee, members of the AP legal organization, and members of the various technology organizations (including network administrators, system administrators, IT staff, and developers) on identifying and helping to mitigate information security and data privacy risks on those key client engagements.
- Work with the Chief Information Security Officer, Chief Technology Officer, and members of the Legal Organization to identify high risk engagements that would come under this risk assurance process.
- Define and provide regular reporting on overall and individual engagement risks and the status of risk mitigation efforts.
- Emphasis on cyber security, information security, and data privacy risks associated with critical client engagements based on client importance and potential penalties associated with any issues.
- Expected to stay current on security industry trends, new threats, attack techniques, mitigation techniques, and emerging security technologies
- Keep abreast of the latest information security standards, privacy laws, and regulations to including (but not limited to) the NIST cybersecurity standards, IS27001, SOC2, and GDPR.
- Participate, as needed, in critical incidents and implementation reviews.
Qualifications / Requirements
- Minimum 5 years of professional work experience
- Experience within Information Security, Risk, Compliance, Audit or Information Technology is highly desired
- Bachelor’s degree required; related field highly preferred
- Certifications in Information Systems Security or Internal Audit desired, but not required
Note: Qualified candidates will be contacted within 2 business days of application. If an applicant does not meet the above criteria, we will keep your resume on file for future opportunities and may contact you for further discussion.