Netwitness Consultant, Information Systems & Security Audit
Primary Location: Reston, Virginia
Description
NetWitness Governance Risk and Compliance Analyst
We seek an accomplished and results-driven GRC analyst to lead and manage critical functions within our organization, reporting directly to the CISO. Your expertise in security, compliance, regulatory frameworks, platform management, vendor security reviews, customer interactions, cross-functional collaboration, and reporting will be instrumental in creating a strong synergy between our security and information security functions and providing valuable insights to leadership.
Responsibilities
- Lead and manage the organization’s compliance efforts for PCI, SOC 2, FedRAMP, StateRAMP, ISO2700x and other regulatory and security frameworks.
- Collaborate closely with our third-party auditing firms, coordinating audit activities and providing the necessary evidence.
- Conduct thorough assessments to ensure alignment with regulatory requirements and industry standards.
- Drive the timely resolution of audit findings by working with relevant teams to implement effective controls and solutions.
- Oversee the implementation of the SOC2 and NIST security framework to assess and enhance the organization’s security maturity.
- Lead the development and execution of security maturity assessments using Archer, identifying gaps, vulnerabilities, and areas for improvement.
- Translate assessment results into actionable recommendations and strategic plans to enhance security posture.
- GRC Compliance Management:
  - Take ownership of the GRC platform.
  - Utilize our GRC platform to monitor and maintain ongoing compliance with regulatory requirements and industry standards.
  - Leverage our GRC platform insights to drive continuous improvement in our security controls and compliance practices.
- Legal and Contract Collaboration:
  - Work closely with the Legal and Security team to ensure compliance with data protection regulations and contractual obligations.
  - Review, negotiate, and redline contracts, including Data Protection Agreements (DPAs), with third-party vendors, partners, and customers to ensure data privacy and protection.
  - Ensure that security and compliance considerations get integrated into contract negotiations and agreements.
- Lead vendor security reviews to assess the security posture of third-party vendors and partners.
- Conduct thorough evaluations of vendor security controls, policies, and practices to ensure they align with our security standards.
- Provide recommendations for risk mitigation and security improvements based on vendor security assessments.
- Handle customer questionnaires and requests related to our security attestations.
- Provide accurate and timely responses to customer inquiries, ensuring that customer concerns regarding security get addressed effectively.
- Liaise with cross-functional teams to gather necessary information and documentation for customer attestations.
- Work hand in hand with our security team to create synergy and alignment across security and compliance functions.
- Collaborate closely to develop and implement security strategies, initiatives, and risk management plans.
- Ensure consistent communication, knowledge sharing, and coordination between security and compliance efforts.
Desired Requirements
Must haves:
- 5+ years of experience in governance, risk management, and compliance roles, with a focus on information security and technology.
- Experience developing and implementing governance frameworks, risk assessment methodologies, and compliance programs.
- Familiarity with risk assessment techniques, including the identification, analysis, and treatment of risks.
- Demonstrated experience conducting compliance audits, assessments, and managing remediation efforts.
- Knowledge of security controls, industry best practices, and risk management frameworks.
- Strong understanding of business processes, systems, and technologies, and their associated risks.
- Experience performing Privacy Impact Assessments and Data Privacy Impact Assessments.
- Excellent communication and interpersonal skills, with the ability to effectively collaborate with stakeholders at all levels of the organization.
- Strong knowledge of the following regulatory frameworks: GDPR and HIPAA.
Nice to haves:
- Bachelor’s degree in Computer Science, Information Security, Risk Management, or a related field, or equivalent work experience.
- Strong knowledge of regulatory frameworks and standards such as ISO 27001, NIST Cybersecurity Framework, or PCI DSS.
- Professional certifications such as CISA, CRISC, CISSP, or CISM are highly desirable.
Desired Behaviors
- Adaptability: Demonstrates flexibility and openness to change. Actively seeks and adopts improved approaches and processes.
- Proactive Action: Takes initiative and is driven by results. Takes ownership of actions and outcomes, meeting commitments and striving for high performance.
- Effective Workload Management: Makes timely decisions, prioritizes tasks effectively, solves problems, monitors results, and takes corrective action when necessary.
- Technical Proficiency: Possesses a solid understanding of their role and responsibilities, demonstrating competence in performing tasks and utilizing relevant technical skills.
- Continuous Learning: Takes personal responsibility for learning and development. Recognizes personal strengths and areas for improvement, actively seeks feedback, and embraces opportunities to learn.
- Effective Communication: Demonstrates strong facilitation and written communication skills. Clearly articulates ideas and proposals, actively listens to colleagues' perspectives, and values diverse viewpoints.
- Collaboration: Shares information, fosters teamwork, and contributes to a positive work environment. Actively collaborates with others and encourages a sense of unity and cooperation among team members.
- Ethical Conduct and Competence: Acts with integrity and intent, displaying ethical character in all actions. Takes accountability for one's own behavior and aligns actions with the company's values and principles.
Expected Objectives
1 Month
- Learn the NetWitness GRC policies and procedures.
- Gain familiarity with the GRC tools and systems.
- Start participating in GRC projects and activities.
3 Months
- Become an expert on the company's GRC policies and procedures.
- Be able to use the GRC tools and systems independently.
- Stay up-to-date on the latest GRC regulations and best practices.
- Ensure compliance with GRC-related regulations.
- Lead GRC initiatives.
6 Months
- Identify GRC risks and provide recommendations to mitigate.
- Advise management on GRC matters.
- Develop and maintain GRC programs.
- Conduct annual risk assessment.
RSA is committed to the principle of equal employment opportunity for all employees and applicants for employment and to providing employees with a work environment free of discrimination and harassment. All qualified applicants will receive consideration for employment without regard to race, color, and any other category protected by applicable country law.
If you need a reasonable accommodation during the application process, please contact the RSA Talent Acquisition Team at rsa.global.talent.acquisition@rsa.com. RSA and its approved consultants will never ask you for a fee to process or consider your application for a career with RSA. RSA reserves the right to amend or withdraw any job posting at any time, including prior to the advertised closing date.
Job ID: NETWI004996