The SBA is seeking a Senior Information Security Analyst (SISA) - Governance, Risk and Compliance (GRC) to join the Office of Information Security in a highly influential role responsible for supporting the security strategy of the SBA and elevating the SBA's security posture. The SISA - GRC works under general supervision alongside audit, compliance and risk teams to identify and verify risks to systems and data, and to ensure teams are aware of any deficiencies and are working toward addressing findings and recommendations. The SISA - GRC is also responsible for the planning and maintenance of security policies. The SISA - GRC understands security risks and technologies and is able to communicate them effectively to business units. In addition, the position evaluates risk according to best practices and compliance mandates, and provides detailed reports from assessments. When external examiners conduct engagements, the SISA - GRC is a primary point of contact and facilitator, ensuring teams abide by safe computing and administrative procedures. In tandem with security leadership, the position continually assesses and validates the assurance of the security program. As a primary point of contact for internal and external auditors, the SISA - GRC monitors progress and enforces resolution of outstanding issues that may lead to non-compliance or security threats to the business. As a key member of the security team, the SISA - GRC must focus on strong risk management and organizational resiliency and not be driven solely by compliance. This position is located in Tallahassee, FL and requires on-site, in-office work.
What you will do:
- Lead the Security Governance, Risk and Compliance Program
- Coordinate the Security Awareness Program
- Perform other duties as assigned
What you should have:
Five years of related experience. A postsecondary degree may be used as an alternative for years of direct experience.
Preferences:
- A bachelor's degree from an accredited college or university in Risk Management, Cybersecurity, Information Technology, Finance, Business Administration, Accounting or a related field
- Certified in Governance, Risk and Compliance (CGRC), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Internal Auditor (CIA), Certified Information Systems Security Professional (CISSP), Certified in the Governance of Enterprise IT (CGEIT), or other relevant security, risk management, compliance, or audit-related certifications
- Demonstrable experience leading audits, risk assessments, and compliance assessments, and/or experience as a cybersecurity analyst, engineer or architect
Knowledge, Skills and Abilities:
- At least 5 years' IT audit, risk management or cybersecurity experience, with at least 2 years in an operationally focused IT or security practitioner role
- Ability to articulate risk to drive objective decisions; strong prioritization and decision-making skills
- Proficiency with control frameworks, risk scoring, issue management, and metrics/KRIs
- Skilled at working with diverse teams and promoting enterprise-wide risk management rigor and a security-first culture
- High level of integrity, trustworthiness and confidence to represent the company and risk management leadership with the highest level of professionalism
- Project management, multitasking and organizational skills
- Ability to preserve credibility with the team through sustained industry knowledge
- Demonstrated understanding of a wide range of security, compliance and technology frameworks, laws and regulatory requirements, including but not limited to NIST CSF, NIST RMF, CIS Critical Security Controls, PCI, SOX, HIPAA, GDPR and GLBA
- Exceptional written and verbal communication skills, and proven ability to translate security and risk for all levels of the business
- Capacity to understand legacy and emerging technology and security controls along with their respective risks. Working knowledge of technologies such as cloud computing, DevOps and application security is required
- Track record of acting with integrity, taking pride in work, seeking to excel, being curious and adaptable, and communicating effectively
- Prior team leadership experience preferred