Senior / Lead Cybersecurity GRC Analyst

Talen Energy

The Role

Overview

Manage cybersecurity risk, compliance, governance, and audits for Talen Energy.

Key Responsibilities

  • security controls
  • compliance audits
  • governance frameworks
  • risk management
  • incident response
  • vendor risk

Tasks

  • Security Controls: Evaluate existing security controls, policies, and procedures to identify gaps and recommend improvements.
  • Compliance: Assist in ensuring compliance with relevant laws, regulations (such as NERC, SOX, HIPAA, CMMC), and industry standards (ISO 27001, NIST, etc.). Conduct periodic audits and prepare compliance reports. Coordinate internal and external audits, including communication, walkthroughs, control testing and evidence gathering.
  • Governance: Support the development and implementation of security governance frameworks and policies to ensure alignment with organizational goals and regulatory requirements.
  • Training & Awareness: Support the development and delivery of security awareness and training programs for staff and stakeholders to foster a strong security culture.
  • Reporting and Documentation: Prepare detailed risk assessments, compliance reports, and audit findings for senior management and other stakeholders.
  • Vendor Risk Management: Assess third-party security risks and collaborate with other teams to evaluate vendor security posture.
  • Risk Management: Identify, assess, and monitor cybersecurity risks within the organization, ensuring effective mitigation strategies are in place and risks are documented.
  • Incident Response: Participate in incident response planning and provide support during investigations related to security breaches or compliance violations.

Requirements

  • CISSP
  • cloud security
  • NIST
  • GRC
  • 7+ years
  • SailPoint

What You Bring

  • Knowledge of threat intelligence and vulnerability management.
  • Ability to work effectively with cross-functional teams, including IT, legal and business unit leaders.
  • Strong understanding of cybersecurity frameworks and standards (e.g., NIST, ISO 27001, COBIT, SOC 2, etc.).
  • Excellent written and verbal communication skills are crucial for translating complex technical and regulatory issues to both technical and non-technical audiences.
  • Relevant certifications such as CISSP, CISA, CRISC, or CISM are highly preferred.
  • Experience with cloud security, IT governance, and data privacy.
  • Knowledge of compliance regulations (NERC, NRC, HIPAA, etc.) and risk management practices.
  • Proven ability to evaluate complex security risks and communicate findings effectively to non-technical stakeholders.
  • Hands-on GRC experience and a demonstrated ability to align risk management strategies with overarching business objectives.
  • Familiarity with security tools, risk management platforms, and compliance monitoring systems (SailPoint, ServiceNow GRC, AuditBoard, Abnormal AI, Proofpoint Security Awareness, etc.).
  • 7+ years of cybersecurity-related experience.
  • Bachelor’s degree in Cybersecurity, Information Technology, Risk Management, or a related field (or equivalent work experience).
  • Strong analytical, organizational, and problem-solving skills.
  • Ability to work in a collaborative, fast-paced environment with cross-functional teams.

The Company

Security Clearance

  • Requires extensive nuclear power plant background security clearance.