Governance Risk & Compliance (GRC) Analyst in Chesapeake, VA at Open Systems Technologies

Date Posted: 11/15/2019

Job Description

A retail organization is seeking a Governance Risk and Compliance Analyst to join their team in Chesapeake, VA.


  • Assist/participate/lead in formal risk assessment processes for all departmental and enterprise systems and work closely with system owners to align risks identified with established risk tolerances
  • Provide governance for the identification, audit, validation and remediation of information technology controls required for SOX, PCI DSS, PII, HIPAA and any other applicable regulatory compliance frameworks
  • Conduct and track information security assessments of third party vendors to determine their ability to protect data
  • Participate in projects and assessments to establish risk determination and remediation
  • Use industry best-practice tools and techniques to validate that established controls are in place
  • Lead the development, update and compliance of corporate information security policies, guidelines and standards
  • Work with technical teams to ensure baseline configurations are kept current and configurations for new technologies are designed and built prior to integration into the company environment
  • Develop a comprehensive information security awareness program and run year-round campaigns; create communications on behalf of IT Security for awareness activities, initiatives or other required security announcements
  • Maintain security and compliance metrics that are meaningful and actionable for Sr. Management; metrics should establish baselines, highlight progress and drive behaviors
  • Coordinate with internal and external audit and compliance groups on improvement of information technology controls
  • Experience with analyzing, evaluating, prioritizing and processing results from security penetration tests or assessments


  • Must have a Bachelor's degree in business, information systems or computer science or equivalent experience
  • 3-5 years of experience in information technology, preferably in information security compliance/audit/control or a related area
  • Familiarity with many technology areas across a broad spectrum, including networks, infrastructure, cloud and mobile, as well as the concepts of risk management, data compliance and information security strategy
  • Solid knowledge of security controls across all security domains such as access management, encryption methods, vulnerability management, network security, etc.
  • Application development, scripting and database knowledge a plus
  • Demonstrated experience with industry compliance and security standards and frameworks including one or more of: PCI DSS, ISO 27001, HIPAA, CIS Controls and NIST frameworks
  • Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing; Microsoft Office suite proficiency required
  • Strong analytical skills, to analyze security requirements and relate them to appropriate security controls
  • Industry-relevant certifications such as CISSP, CRISC, CISA, CISM, CGEIT, etc. are a plus