Cyber Security Governance, Risk and Control (GRC) Analyst - Senior Associate

Ankura is a team of excellence founded on innovation and growth.

Responsibilities:

• Executing IT security risk assessments using industry standards and frameworks (e.g. NIST, ISO/IEC 27002, etc), data security and privacy regulations (e.g. PCI, HIPAA).
• Identification, measuring, communicating, and prioritizing information security risks across the enterprise using a common framework that would be used for communicating our information security posture with clients.
• Manage action plans in response to information security risk assessment, track status, and report to IT security leadership. Interact with internal audit, third-party auditors, and appropriate regulatory bodies and participate in all internal and external audit projects.
• Oversee the validation of risk assessments, process and technology control designs, control gap identification, test scripts and evidence and identification of compensating controls.
• Manage the IT remediation process, including tracking and resolving findings from internal and/or external audits, risk assessments, self-reported items, and other control assessments.
• Assist in the annual policy review cycle.
• Assist in conducting third party vendor risk management activities for our vendors that includes review of contractual agreements as well as information security questionnaires. 
• Conducting control checks against policies and standards of both technology environments and business processes.
• Experience of running Information Security Awareness programmes.
• Provide effective support to the business in the provision of third-party assurance reviews.
• You'll be skilled in writing a range of documentation, relevant for the business, ranging from processes and procedures to reports, standards and frameworks.
• Supporting and lead the embedding of controls identifying weaknesses and improvements as necessary and driving resolution.
• Supporting the improvements to the Holistic Cyber Security Framework
• Supporting from wider team, verify services are delivered in accordance with agreed business specifications and in compliance with legal and regulatory requirements.           

Qualifications:

• Knowledge of cloud security
• An understanding of information security frameworks and standards such as Cyber Essentials, SOC2, NIST and ISO 27001.
• Excellent problem-solving and analytical skills.
• Effective communication and collaboration abilities.

Education:Degree in information security or similar field.8-10 yrs of experience with 2+ years of broad information security experience.Certifications: Nice to have Qualified Security Assessor (QSA),Certified Information Systems Auditor (CISA)Certified Information Systems Manager (CISM)Certified Information Systems Security Professional (CISSP)

Ankura is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, or protected veteran status and will not be discriminated against based on disability. Equal Employment Opportunity Posters, if you have a disability and believe you need a reasonable accommodation to search for a job opening, submit an online application, or participate in an interview/assessment, please email accommodations@ankura.com or call toll-free +1.312-583-2122. This email and phone number are created exclusively to assist disabled job seekers whose disability prevents them from being able to apply online. Only messages left for this purpose will be returned. Messages left for other purposes, such as following up on an application or technical issues unrelated to a disability, will not receive a response.