MUST RESIDE IN HOUSTON, TX.
Senior Information Security Analyst - Governance/Risk/Compliance (GRC)
Under minimal direction, the Senior Information Security Analyst - Governance/Risk/Compliance (GRC) will perform all procedures necessary to ensure information security solutions are designed and implemented to meet security standards and protect systems from intentional or inadvertent access.
Experience:
Project and Requirements
- Design and implement a scalable cloud and third-party cybersecurity risk management framework aligned with NIST, ISO 27001, and other relevant standards.
Role and Responsibilities of the Resource
- Collaborate with internal stakeholders to define third-party cybersecurity roles and responsibilities.
- Partner with legal and procurement to ensure contracts include appropriate security terms (e.g., data handling, breach notification, audit rights).
- Provide security guidance to project teams evaluating or implementing cloud-based or externally hosted solutions.
Scheduled Milestones and Deliverables
- Support the development of cloud security baselines and governance controls.
- Recommend mitigation strategies and track remediation efforts.
- Evaluate cloud service configurations (e.g., AWS, Azure, Google Cloud, SaaS platforms) for alignment with enterprise security policies and industry best practices.
Metrics to Measure Performance
- Maintain and update a centralized inventory of critical cloud services and third-party vendors.
- Develop and present risk dashboards and executive-level summaries to communicate risk posture and assessment outcomes.
- Track security exceptions, risk acceptance approvals, and remediation timelines across third-party engagements.
- Participate in governance forums such as the Cybersecurity Review Committee (CRC) and provide input on vendor-related risks.
- Develop and maintain risk assessment procedures and questionnaires tailored for cloud services and third-party applications.
- Define security review workflows for vendor onboarding, contract renewals, and offboarding.
- Integrate cybersecurity risk activities with procurement, legal, and enterprise architecture processes.
- Conduct technical and compliance assessments focusing on data classification, regulatory alignment (e.g., HIPAA, CJIS, PCI, GDPR), encryption, and access controls.
- Review vendor responses to security questionnaires and validate supporting documentation (e.g., SOC 2 reports, ISO certifications, penetration test results).
- Analyze risks associated with APIs, SaaS integrations, homegrown plug-ins, and third-party application stores.
Job Types: Full-time, Contract
Pay: From $80.00 per hour
Work Location: Hybrid remote in Houston, TX 77002