Cyber Security GRC Analyst II

Position Highlights:

• Primarily responsible for safeguarding information system assets from intentional or inadvertent disclosure, modification, disruption, or destruction. Manages and monitors the Cybersecurity mitigation, remediation, and risk register process.

Responsibilities:

• Performs assessment and continuous monitoring of compliance with cybersecurity polices and standards across the enterprise, including third party vendors. Assist with the completion of the annual security risk assessment
• Assess and monitor the status of risk associated with applications/systems. Develop recommendations and remediation plans to reduce risk to an acceptable level. Periodically update key stakeholders and system managers regarding the cybersecurity hygiene of assets they are responsible for managing
• Develop metrics and compliance dashboards to measure effectiveness of security controls and vulnerability remediation. Support resolution of issues discovered during examinations, internal audits, compliance reviews and self-testing findings. Monitor, coordinate, support, and document remediation activities and escalate issues, as necessary.
• Support process enhancement and redesign efforts to streamline Cybersecurity delivery. Review and analyze the effectiveness and efficiency of existing systems and processes to develop strategies for improving or further leveraging, consolidating, or decommissioning.
• Review requests and provide risk management support as needed to ensure Moffitt's data and resources are adequately protected. Learn, develop, and advance GRC knowledge through practical experience and ongoing training, to promote efficiency, effectiveness, and maturity of the control environment. Implement the internal policies, procedures, processes, controls, and risk statements, Identifying and implementing enhancements for increased efficiency in processes, controls, and related documentation
• Build positive relationships and partner with teams in IT, Compliance, Clinical, Research, etc. to continuously improve our internal security culture and external awareness of Moffitt's security program.

Credentials and Experience:

• Bachelor’s Degree – field of study: Information Systems, Information Security, Computer Science related degree or equivalent experience
• Preferred Certifications: CRISC, CISSP, CISA
• Minimum of three (3) years of experience participating in security initiatives, supporting audits; monitoring, reporting, and assessing risk.
  •  “in lieu of” a bachelor’s an additional 4 years of relevant experience, for a total of 7 years, may be considered
• Hands on experience with risk assessments, risk analysis, controls implementation/validation, and third-party vendor assessments
• Demonstrated understanding of risk analysis, security policies, and the National Institute of Standards and Technology, Health Insurance Portability and Accountability Act, Security Rule, and Payment Card Industry Data Security Standards.
• Demonstrated understanding of cybersecurity control and practices for both local on-premise and cloud environments
• Knowledge of risk management and Cloud Platform Security
• Knowledge of common information security standards, such as ISO 27001/27002, NIST, CIS, and COBIT