Senior Cybersecurity GRC Analyst

Artech LLC

San Jose, CA

JOB DETAILS
Salary: $70–$80 Per Hour
Skills: Access Control, Analysis Skills, CISA - Certified Information Systems Auditor, CISM - Certified Information Security Manager, CISSP - Certified Information Systems Security Professional, Change Management, Communication Skills, Computer Security, Documentation, Establish Priorities, External Audit, ISO (International Organization for Standardization), Industry Standards, Information/Data Security (InfoSec), Internal Audit, Internet Security, Interpersonal Skills, Leadership, Maintain Compliance, Operations Security (OPSEC), Presentation/Verbal Skills, Process Engineering, Qualitative Analysis, Quantitative Risk Assessment (QRA), Reporting Dashboards, Resource Management, Risk, Risk Analysis, Risk Management, Security Analysis, Standard Operating Procedures (SOP), Team Player, Time Management, Treatment Plan, Trend Analysis, U.S. National Institute of Standards and Technology (NIST), Writing Skills
Location: San Jose, CA
Posted: 12 days ago
Job Title: Senior Cybersecurity GRC Analyst
Work Location: San Jose, CA 95134 (100% onsite)
Duration of Assignment: 6+ Months
Pay Rate Range: $70.00-$80.00/hr on W2
Job Description:
• Governance & Compliance Leadership:
o Develop and manage the overarching Compliance Program to ensure alignment with industry standards (e.g., SOC 2, NIST 800-171, ISO 27001, NIST 800-53).
o Partner with IT Security Operations to ensure security controls are properly designed, implemented, and operating effectively.
o Lead the end-to-end cybersecurity audit process (internal and external), including the preparation of response documentation and the execution of remediation plans.
o Develop and distribute high-level information security reports and compliance dashboards to key stakeholders.
• Risk Management & Assessment:
o Lead comprehensive cybersecurity risk assessments across the enterprise, identifying vulnerabilities and recommending prioritized mitigation strategies.
o Develop and maintain the Corporate Risk Register, tracking risk acceptance, treatment plans, and residual risk.
o Perform quantitative and qualitative risk analysis to inform executive decision-making and resource allocation.
• Identity & Access Governance:
o Oversee and collaborate with stakeholders to execute quarterly user access reviews (UAR) and monthly user activity monitoring.
o Ensure timely completion, technical accuracy, and rigorous documentation of all access reviews to meet audit requirements.
o Analyze access trends and "over-privileged" accounts to recommend Least Privilege improvements and role-based access control (RBAC) refinements.
• Third-Party Risk Management (TPRM):
o Own and maintain Third-Party Risk Management evaluation practices, ensuring vendors are vetted against corporate security standards to mitigate supply-chain risk.
• Policy & Process Engineering:
o Author, maintain, and update information security policies and Standard Operating Procedures (SOPs) to ensure alignment with evolving industry standards.
o Manage and govern Change Management processes to ensure security stability and compliance during technical transitions.
Requirements:
• Experience: Minimum 10 years of experience managing Cybersecurity compliance programs from inception to completion.
• Technical Expertise: Hands-on experience with SOC 2 and a deep understanding of IT technical security controls.
• Framework Proficiency: Expert knowledge of industry-standard programs (e.g., ISO 27001, CIS v8.1, NIST 800-53, NIST 800-171, CMMC, FedRAMP).
• Analytical Skills: Strong analytical thinking with the ability to prioritize complex tasks within a fast-paced, evolving environment.
• Communication: Excellent interpersonal, verbal, and written communication skills, with the ability to work effectively as a team player or independently.
• Security Knowledge: A strong foundation in IT security concepts with a heavy emphasis on Security Risk Assessment.
• Certifications: Relevant professional certifications such as CISSP, CISM, or CISA.
Preferred Qualifications:
• Exceptional ability to tailor complex technical communication for both technical audiences and non-technical executive leadership.
