GRC Analyst

Overview

Analyzes and manages cybersecurity governance, risk, and compliance programs.

Key Responsibilities

• security awareness
• risk assessment
• policy development
• metrics reporting
• third‑party risk
• compliance monitoring

Tasks

-Monitors and reports on the effectiveness of security awareness initiatives. -Monitors regulatory environment and performs impact assessments. -Communicates policies to relevant stakeholders. -Collects, analyzes, and presents cybersecurity program performance metrics and key risk indicators (KRIs). -Develops and maintains cybersecurity policies, standards, and guidelines. -implementing risk mitigation measures and fostering secure third-party relationships. -Ensures appropriate design and operating effectiveness of regulatory and PCI-DSS controls. -Independently develops security awareness training programs and materials. -Monitors compliance and reports effectiveness. -Develops, organizes, and delivers training sessions to employees on security policies and best practices. -Identifies risks and develops mitigation strategies and risk management plans -May provide guidance and assistance to entry level professionals and/or support employees. -Sets objectives for own area to meet the objectives or goals of projects and assignments. -Manages third-party risk by assessing the security posture of external vendors and partners, -Implements and monitors compliance with cybersecurity control framework. -Ensures policies are up-to-date and align with industry best practices, regulatory requirements, and cyber frameworks. -Works to achieve day-to-day objectives with moderate impact on the area. -May assist other professionals with tasks and assignments. -Independently performs periodic gap assessments to validate compliance. -Partners with auditors and manages action plans in response to audit discoveries. -Independently conducts regular assessments of cyber risks within applications, platforms, and processes. -Plans and executes cybersecurity awareness events and communication campaigns. -Manages privacy-related data subject access requests.

Requirements

• pci dss
• sox
• nist csf
• cybersecurity
• data governance
• communication

What You Bring

-Working knowledge of cybersecurity policy lifecycle, standards, and guidelines. -Working knowledge of data governance and privacy regulations -Requires practical knowledge of area typically obtained through advanced education combined with experience. -Experience with PCI-DSS and SOX -May require travel -Experience with security awareness techniques and processes in an enterprise environment. -Typically requires a university degree or equivalent experience and minimum 2-4 years of prior relevant experience. -Exceptional written and verbal communication skills that can be adjusted to relevant audiences. -Depth of knowledge with cybersecurity control frameworks (NIST CSF preferred) -Analytic and problem-solving skills. -Works independently on larger, moderately complex projects/assignments. -Minimum high school diploma or equivalent (GED) required.

People Also Searched For

About Pultegroup

-Known for developing high-quality homes and communities across the U.S. -Builds homes that cater to various lifestyle needs, including single-family homes, townhomes, and active adult communities. -Focus on innovation includes incorporating smart home technologies and energy-efficient features into many of their homes. -Continues to grow and adapt to market trends, positioning itself as a leader in residential construction and community development.

Sector Specialisms