CybersecurityJobs.io

Job Description

The Norland Group seeks a Senior Cybersecurity GRC Analyst to lead governance, risk, and compliance initiatives across the organization. The role encompasses audits, risk assessments, identity and access governance, third-party risk management, and policy and process engineering. This on-site position is based in San Jose, CA.

Responsibilities

  • Develop and manage the overarching Compliance Program to align with industry standards such as SOC 2, NIST 800-171, ISO 27001, and NIST 800-53.
  • Collaborate with IT Security Operations to ensure security controls are properly designed, implemented, and operating effectively.
  • Lead the end-to-end cybersecurity audit process, including preparation of response documentation and execution of remediation plans.
  • Produce and distribute high-level information security reports and compliance dashboards for key stakeholders.
  • Direct comprehensive cybersecurity risk assessments across the enterprise, identifying vulnerabilities and recommending prioritized mitigations.
  • Develop and maintain the Corporate Risk Register, tracking risk acceptance, treatment plans, and residual risk.
  • Perform quantitative and qualitative risk analysis to inform executive decision-making and resource allocation.
  • Oversee and collaborate with stakeholders to execute quarterly user access reviews and monthly user activity monitoring.
  • Ensure timely completion, technical accuracy, and rigorous documentation of all access reviews to meet audit requirements.
  • Analyze access trends and over-privileged accounts to recommend least-privilege improvements and RBAC refinements.
  • Own and maintain Third-Party Risk Management evaluation practices, ensuring vendors are vetted against corporate security standards to mitigate supply chain risk.
  • Author, maintain, and update information security policies and Standard Operating Procedures to align with evolving industry standards.
  • Manage and govern Change Management processes to maintain security stability and compliance during technical transitions.

Requirements

  • Experience: Minimum 10 years of experience managing cybersecurity compliance programs from inception to completion.
  • Technical Expertise: Hands-on experience with SOC 2 and a deep understanding of IT security controls.
  • Framework Proficiency: Expert knowledge of ISO 27001, CIS v8.1, NIST 800-53, NIST 800-171, CMMC, and FedRAMP.
  • Analytical Skills: Strong analytical thinking with the ability to prioritize complex tasks in a fast-paced, evolving environment.
  • Communication: Excellent interpersonal, verbal, and written communication skills, able to work effectively as part of a team or independently.
  • Security Knowledge: Solid foundation in IT security concepts with emphasis on Security Risk Assessment.
  • Certifications: CISSP, CISM, or CISA preferred.
  • Preferred Qualifications: Exceptional ability to tailor complex technical communication for both technical audiences and non-technical executive leadership.

Technologies

  • SOC 2
  • NIST 800-171
  • ISO 27001
  • NIST 800-53
  • CIS v8.1
  • CMMC
  • FedRAMP

Location

On-site at our San Jose headquarters, five days a week.
