JOB SUMMARY: The GRC and Security Analyst plays a critical role in supporting both Security Operations and Governance, Risk, and Compliance (GRC) efforts for our clients, while also serving as an advisor to our clients on compliance matters. This position involves guiding clients through compliance-related tasks such as understanding insurance requirements, completing audit forms, gathering audit evidence, and interfacing with client auditors as needed. Additionally, the Analyst will provide advisory services to help clients interpret and navigate regulatory requirements, ensuring their compliance strategy aligns with industry standards.
The Analyst will also manage client security risks by monitoring environments, ensuring consistency in security policies, and auditing for unauthorized changes. The responsibilities include but are not limited to deploying phishing campaigns, triaging escalated security incidents, and helping clients maintain adherence to security frameworks. Utilizing Microsoft products and services, including Microsoft 365 and Azure, the GRC and Security Analyst will play a key role in enhancing clients' security posture while ensuring compliance with relevant regulations. The role is a blend of technical and compliance work that will be instrumental in keeping our clients secure and compliant.
ESSENTIAL FUNCTIONS:
Governance Risk and Compliance
- Help clients review and complete insurance security audit forms, ensuring they meet insurance requirements.
- Review client audit forms, providing feedback to ensure accuracy and completeness before submission.
- Assist clients in understanding compliance requirements related to frameworks such as PCI, HIPAA, SOX, CMMC, and others.
- Work with client auditors, acting as a liaison between client teams and auditors to gather the necessary audit information and documentation.
- Collaborate with clients and client teams to identify compliance deficiencies, developing and executing remediation plans to address any gaps.
- Develop security and compliance policies that align with security frameworks (NIST, CIS) and the client's specific business goals and processes.
- Support internal audits by managing documentation, ensuring compliance with security standards, tracking audit progress, and gathering evidence as needed.
Operational Security
- Assist in monitoring and administering security tools (e.g., SIEM, antivirus, firewalls) for clients.
- Respond to escalated security incidents, helping coordinate remediation efforts and interfacing with the client when needed.
- Monitor client systems for security threats and vulnerabilities, providing initial analysis and reporting.
- Implement and manage security policies and configurations (MFA, encryption, antivirus, etc.) across client environments.
- Collaborate with senior team members to develop security best practices and policies.
- Conduct security posture assessments.
- Provide security oversight and assistance as needed for the engineering teams to ensure policies are being implemented consistently as clients are onboarded.
QUALIFICATIONS:
- Bachelor's degree in Information Systems, Computer Science, or a related field, or equivalent work experience.
- 1+ year of experience performing corporate governance and compliance work, preferably having worked in an environment that is audited regularly.
- Experience with Microsoft cloud administration and security portals and their use (e.g., Microsoft 365, Azure).
- Basic understanding of GRC frameworks such as NIST, CIS, or other compliance-related guidelines.
- Industry compliance certification such as CRISC, CGRC, etc., or working towards them.
- Must have a valid state driver's license and reliable personal transportation (for client visits if needed).
WORKING ENVIRONMENT: The majority of work for this role is performed in a home office and involves interacting with a wide variety of people with differing functions, personalities, and abilities. Telecommuters are expected to have sufficient home office space that appears neat, organized, and professional when in video meetings. Travel is required and varies around 25%.
REASONABLE ACCOMMODATION: It is Arctic Information Technology, Inc.'s business philosophy and practice to provide reasonable accommodations, according to applicable state and federal laws, to all qualified individuals with physical or mental disabilities.
PREFERENCE STATEMENT: Arctic Information Technology, Inc. grants preference to qualified Doyon Shareholders first, and second to qualified shareholders of other Alaska Native corporations that grant a similar preference in all phases of employment and training, which include, but are not limited to hiring, promotion, layoff, transfer, and training.
PAY TRANSPARENCY STATEMENT: Arctic Information Technology will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of the other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
Arctic Information Technology Inc. is a Federal Contractor and complies with the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA).
Arctic Information Technology, Inc. is an equal opportunity employer. We evaluate qualified applicants without regard to race, color, religion, sex, sexual orientation, gender identity or national origin, disability, veteran status, and other protected characteristics. The EEO is the Law poster is available at http://www1.eeoc.gov/employers/upload/eeoc_self_print_poster.pdf. For questions on the job posting contact (253) 344-5300.
VEVRAA Federal Contractor. We request Priority Protected Veteran & Disabled Referrals for all of our locations within the state.