Job Purpose:

Responsible for performing professional level IT Security duties related to analyzing security related information produced by the operating environment against industry standards, and control frameworks. Produces policy, program, process, and procedure related documentation to support controls required by the organization. Reviews and incorporates controls frameworks enumerated control standards and procedures into the security programs as required based on risk management.

Job Responsibilities:

• Measure and manage the existing policies, programs, processes, and procedures to ensure that security controls remain operable and effective as implemented.
• Develop information security policies for the organization to enforce to ensure security controls required by management are implemented and operating effectively.
• Develop security programs according to the information security management program to ensure that the relevant functions of security are operationalized with people, process, and technology.
• Implement security controls, risk assessment framework, and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances College business objectives.
• Evaluate risks and develops security standards, procedures, and controls to manage risks.
• Implement processes to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts.
• Define and documents business process responsibilities and ownership of the controls in GRC tool. 
• Schedule regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports.
• Report on any operational deficiencies noted during measurement and management of the existing policies and programs.
• Assist in the determination if gaps in security design or controls exist and provide recommendations for remediation or mitigating controls.
• Ensure clients, regulatory, and internal requirements are being met consistently and effectively.

Job Qualifications:

• Bachelor's degree in Engineering, or Information Systems.
• 2-4 years of experience in a relevant field.
• Experience in identifying, assessing, and managing risks within an organization.
• Knowledge of risk management methodologies, such as risk assessment, risk mitigation, and risk monitoring.
• Strong understanding of GRC principles, frameworks, and industry standards, such as ISO 27001, NIST Cybersecurity Framework.
• Ability to develop and implement compliance programs, policies, and controls to ensure adherence to relevant standards.
• Experience in creating policy frameworks and ensuring policy awareness and compliance across the organization.
• Experience in conducting internal or external audits and supporting audit activities.
• Excellent written and verbal communication skills to interact with stakeholders, senior management, auditors, and regulatory bodies.
• Ability to collaborate effectively with cross-functional teams, including IT, legal, compliance, and operations.
• Strong analytical skills to identify and assess risks, analyze compliance gaps, and develop appropriate solutions and mitigation strategies.
• Ability to think critically and solve complex problems related to GRC challenges.
• Understanding of business operations, processes, and objectives to align GRC activities with the organization's overall goals.
• Ability to translate technical GRC requirements into business terms and provide actionable recommendations to management.