Complete Description:
The Governance, Risk and Compliance (GRC) Analyst shall provide support for revising internal security policies and standards, participating in risk assessments and audits with stakeholders, creating and documenting internal processes to support GRC and participating in executing the cybersecurity awareness program as a member of a highly experienced security team supporting the District of Columbia Government (DCGOV) network.
The GRC Analyst shall be responsible for, but not limited to, the following:
• Prepare and edit policy documentation incorporating information provided by subject matter experts (SME).
• Develop and formalize a quality assurance review process for all existing security policies and ensure consistency in the review period.
• Ability to interpret complex technical concepts and articulate the information in policy documentation.
• Maintain a record of revisions regarding operational policies and procedures.
• Help with process development and documentation involving multiple departments and teams internally and externally.
• Provide liaison support for District-wide Information Security Officer (ISO) communications structure.
• Assist with development of standard operating procedures for the security operations team.
• Serve as Assistant Information Security Officer assisting in policy and communication strategy for GRC initiatives.
• Assist with managing the Information Security SharePoint page.
• Become an active participant in developing and maintaining an information security awareness training program and assist in tracking and analyzing metrics for reporting.
Behavioral Characteristics:
Working in a collaborative team environment, the GRC Analyst will work with stakeholders both internal and external to develop policy, assist in strategy rollout and provide guidance on best practices to help reduce risk on the DCGOV network.
| Skill | Required / Desired | Amount of Experience | Expertise Rating |
|---|---|---|---|
| Bachelor’s degree in Computer Science, Engineering or equivalent experience | Required | 4 Years | 3 - Expert |
| CISSP, GISP, CRISC, CGEIT, PMI-RMP or PMP, ITIL, ECSA, CEH | Required | 6 Years | 3 - Expert |
| Expertise in policy development for large scale organizations | Highly desired | 4 Years | 2 - Proficient |
| Experience conducting and managing processes for audits and compliance | Highly desired | 4 Years | 2 - Proficient |
| Understanding of Risk Management Framework and Principles | Highly desired | 4 Years | 2 - Proficient |
| Experience with writing policy and must maintain excellent communication skills to interpret technical, | Required | 6 Years | 3 - Expert |
| Experience leading projects following Project Management principles | Required | 6 Years | 3 - Expert |