Grc Analyst

CyberProof is a cyber security services and platform company whose mission is to help our customers react faster and smarter - and stay ahead of security threats, by creating secure digital ecosystems. CyberProof automates processes to detect and prioritize threats early and respond rapidly and decisively.

CyberProof is part of the UST Global family. Some of the world’s largest enterprises trust us to create and maintain secure digital ecosystems using our comprehensive cyber security platform and mitigation services.

We are looking for a **GRC Analyst** to join our team.

**Main Tasks and accountabilities**:

- Perform Application and Architecture Cyber Risk Assessments
- Liaise with different teams within Cyber Security Risk and Compliance to mitigate risk findings.
- Work with Project/Program managers to identify the Cyber risks at a pre-deployment stage.
- The document, develop and publish assigned Security Policies, Standards,s and Technical Requirements.
- Proactively identify cybersecurity deficiencies or opportunities for improvement to better enable security.
- Participate in the development and publication of compliance metrics for the GRC group.
- Create Risk Management reports for leadership and other stake holders.

**Requirements**:

- Experience with the security and privacy controls environment, regulatory landscape and risk management techniques, principles, and practices
- Experience and knowledge of the development and implementation of information security policies, standards, and related procedures for security programs
- Ability to assess environments against a wide variety of security and compliance frameworks including State based privacy and security regulations, GDPR, SOC, NIST-CSF, ISO/27001/2
- Ability to provide risk-based recommendations based upon the size and complexity of an organization
- Strong written communication skills for use in preparing formal documentation including policies, procedures, standards, reports, etc.,
- Strong verbal skills that include the proven capability to clearly articulate thoughts, capability to be persuasive and to deliver presentation and training to all levels of management
- Ability to undertake and complete tasks independently, meet schedules and delivery timelines, and to move swiftly from concepts and theory to action
- Strong understanding of governance, risk, and compliance practices for cyber security
- Should have good understanding of regulatory compliance requirements such as SOX, GDPR, PCI-DSS, FISMA, RBI Cyber security requirements, IT Act 2000.
- Good to have GDPR, Privacy training and certifications
- Relevant experience in cybersecurity governance, cybersecurity compliance and risk management would be ideal.
- Security certifications such as CISSP, CRISC, CISM, CISA or GIAC are beneficial.
- Comfortable with interfacing with internal or external organizations.
- IT Audit, internal Audit and/or cyber advisory experience is a plus.
- Self-motivated and willing to take on challenges while adapting to an ever-changing cybersecurity environment.
- Exceptional analytical and critical thinking skills.